[CentOS] OT: Strange message in root e-mail possiablly hacked!!! Not sure??

Robert Heller heller at deepsoft.com
Sun Aug 16 13:35:01 UTC 2009

At Sun, 16 Aug 2009 07:51:50 -0500 CentOS mailing list <centos at centos.org> wrote:

> Morning all,
> Little back ground.  Running CentOS 5.3 fully update.  I basically run 
> this as router and gateway for home network.  I have two(2) winblows 
> machines hooked up.  I am running samba for shares.   I opened up root's 
> mail this morning and found this strange little comment :
> Connections Denied:
>     lib/access.c:check_access(327) : 1 Time(s)
>     smbd/process.c:process_smb(1062) : 1 Time(s)
> So I started looking around in /var/log.  I looked at my secure logs and 
> saw nothing out of the ordinary.  I looked in samba and found a log file 
>  I opened it up and it said the following:
> [2009/08/15 06:31:34, 0] lib/access.c:check_access(327)
>   Denied connection from  (
> [2009/08/15 06:31:34, 1] smbd/process.c:process_smb(1062)
>   Connection denied from
> There is nothing on this server that I can not replace.  Did I just get 
> hacked?  Should I wipe this thing and start over?  Any and all advice is 
> greatly appreciated!!!

I don't think you got hacked.  You might want to check your firewall
settings though.  It *looks* like your firewall is letting netbios
connections from off your LAN -- you should not be allowing this!

It does look like someone from (SK Broadband Co Ltd in
Seoul) tried to check out your samba shares, but was denied access.

> Thanks.
> Lee Perez
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

Robert Heller             -- 978-544-6933
Deepwoods Software        -- Download the Model Railroad System
http://www.deepsoft.com/  -- Binaries for Linux and MS-Windows
heller at deepsoft.com       -- http://www.deepsoft.com/ModelRailroadSystem/

More information about the CentOS mailing list