You are not logged in.
Hello,
I have a mail server. (postfix, dovecot, squirrelmail, ) It had been working for 1 month.
All of a sudden a root password has been changed today. So i booted from CD and changed root password.
After 5 hours I can`t connect to my server again. I see:
ssh -vv root@78.108.179.190
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 78.108.179.190 [78.108.179.190] port 22.
debug1: Connection established.
debug1: identity file /home/filip/.ssh/identity type -1
debug1: identity file /home/filip/.ssh/id_rsa type -1
debug1: identity file /home/filip/.ssh/id_dsa type -1
ssh_exchange_identification: Connection closed by remote host
Any ideas. What should be wrong?
I`m affraid of my server is hacked.
thanks in advance
Filip
Last edited by mezcal (2009-04-24 06:21:25)
Offline
Usually I see that message when I'm blocked by /etc/hosts.deny.
If your root password changes by itself, I think maybe you did get cracked. If you agree, you should reinstall.
Offline
If your root password changes by itself, I think maybe you did get phracked.
*fixed*
My Arch Linux Stuff • Forum Etiquette • Community Ethos - Arch is not for everyone
Offline
ataraxia wrote:If your root password changes by itself, I think maybe you did get phracked.
*fixed*
Nah, that's ambiguous. It might mean this, or it might mean something involving car-lifting.
Offline
SOLVED
I was hacked myself.
I`m little bit paranoid. I try to have my server secured. I use a secure passwords. I forgot it after 1 months. I also use denyhost to prevent ssh dictionary attack. I was blocked by denyhost deamon.
Sometimes it s necesary to go to sleep and solve a problem next day.
Last edited by mezcal (2009-04-24 06:23:59)
Offline
cheers!
SOLVED
I was hacked myself.
I`m little bit paranoid. I try to have my server secured. I use a secure passwords. I forgot it after 1 months. I also use denyhost to prevent ssh dictionary attack. I was blocked by denyhost deamon.Sometimes it s necesary to go to sleep and solve a problem next day.
you could just stop the denyhost daemon then bf you machine xD
or *phrack* the config files/change the user's password
(^.^)
If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
Simplicity is the ultimate sophistication.
Offline