You are not logged in.

#1 2009-04-23 15:52:26

mezcal
Member
From: Czech Republic
Registered: 2006-01-31
Posts: 67
Website

root password was changed [SOLVED]

Hello,

I have a mail server. (postfix, dovecot, squirrelmail, ) It had been working for 1 month.

All of a sudden a root password has been changed today. So i booted from CD and changed root password.

After 5 hours I can`t connect to my server again. I see:

ssh -vv root@78.108.179.190
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 78.108.179.190 [78.108.179.190] port 22.
debug1: Connection established.
debug1: identity file /home/filip/.ssh/identity type -1
debug1: identity file /home/filip/.ssh/id_rsa type -1
debug1: identity file /home/filip/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host

Any ideas. What should be wrong?
I`m affraid of my server is hacked.
thanks in advance
Filip

Last edited by mezcal (2009-04-24 06:21:25)

Offline

#2 2009-04-23 17:15:10

ataraxia
Member
From: Pittsburgh
Registered: 2007-05-06
Posts: 1,553

Re: root password was changed [SOLVED]

Usually I see that message when I'm blocked by /etc/hosts.deny.

If your root password changes by itself, I think maybe you did get cracked. If you agree, you should reinstall.

Offline

#3 2009-04-23 17:38:25

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,963
Website

Re: root password was changed [SOLVED]

ataraxia wrote:

If your root password changes by itself, I think maybe you did get phracked.

*fixed*


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

#4 2009-04-23 19:44:59

ataraxia
Member
From: Pittsburgh
Registered: 2007-05-06
Posts: 1,553

Re: root password was changed [SOLVED]

Xyne wrote:
ataraxia wrote:

If your root password changes by itself, I think maybe you did get phracked.

*fixed*

Nah, that's ambiguous. It might mean this, or it might mean something involving car-lifting. lol

Offline

#5 2009-04-24 06:21:08

mezcal
Member
From: Czech Republic
Registered: 2006-01-31
Posts: 67
Website

Re: root password was changed [SOLVED]

SOLVED

I was hacked myself. big_smile
I`m little bit paranoid. I try to have my server secured. I use a secure passwords. I forgot it after 1 months. I also use denyhost to prevent ssh dictionary attack. I was blocked by denyhost deamon.

Sometimes it s necesary to go to sleep and solve a problem next day.

Last edited by mezcal (2009-04-24 06:23:59)

Offline

#6 2009-04-24 18:47:17

quarkup
Member
From: Portugal
Registered: 2008-09-07
Posts: 497
Website

Re: root password was changed [SOLVED]

cheers!

mezcal wrote:

SOLVED

I was hacked myself. big_smile
I`m little bit paranoid. I try to have my server secured. I use a secure passwords. I forgot it after 1 months. I also use denyhost to prevent ssh dictionary attack. I was blocked by denyhost deamon.

Sometimes it s necesary to go to sleep and solve a problem next day.

you could just stop the denyhost daemon then bf you machine xD
or *phrack* the config files/change the user's password


(^.^)


If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
Simplicity is the ultimate sophistication.

Offline

Board footer

Powered by FluxBB