At Sun, 16 Aug 2009 07:51:50 -0500 CentOS mailing list centos@centos.org wrote:
Morning all,
Little back ground. Running CentOS 5.3 fully update. I basically run this as router and gateway for home network. I have two(2) winblows machines hooked up. I am running samba for shares. I opened up root's mail this morning and found this strange little comment :
Connections Denied: lib/access.c:check_access(327) 58.239.84.158 : 1 Time(s) smbd/process.c:process_smb(1062) 58.239.84.158 : 1 Time(s)
So I started looking around in /var/log. I looked at my secure logs and saw nothing out of the ordinary. I looked in samba and found a log file 58.239.84.158.log. I opened it up and it said the following:
[2009/08/15 06:31:34, 0] lib/access.c:check_access(327) Denied connection from (58.239.84.158) [2009/08/15 06:31:34, 1] smbd/process.c:process_smb(1062) Connection denied from 58.239.84.158
There is nothing on this server that I can not replace. Did I just get hacked? Should I wipe this thing and start over? Any and all advice is greatly appreciated!!!
I don't think you got hacked. You might want to check your firewall settings though. It *looks* like your firewall is letting netbios connections from off your LAN -- you should not be allowing this!
It does look like someone from 58.239.84.158 (SK Broadband Co Ltd in Seoul) tried to check out your samba shares, but was denied access.
Thanks.
Lee Perez _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos