[CentOS] OT: Strange message in root e-mail possiablly hacked!!! Not sure??
Robert Heller
heller at deepsoft.com
Sun Aug 16 13:35:01 UTC 2009
At Sun, 16 Aug 2009 07:51:50 -0500 CentOS mailing list <centos at centos.org> wrote:
>
> Morning all,
>
> Little back ground. Running CentOS 5.3 fully update. I basically run
> this as router and gateway for home network. I have two(2) winblows
> machines hooked up. I am running samba for shares. I opened up root's
> mail this morning and found this strange little comment :
>
> Connections Denied:
> lib/access.c:check_access(327) 58.239.84.158 : 1 Time(s)
> smbd/process.c:process_smb(1062) 58.239.84.158 : 1 Time(s)
>
> So I started looking around in /var/log. I looked at my secure logs and
> saw nothing out of the ordinary. I looked in samba and found a log file
> 58.239.84.158.log. I opened it up and it said the following:
>
> [2009/08/15 06:31:34, 0] lib/access.c:check_access(327)
> Denied connection from (58.239.84.158)
> [2009/08/15 06:31:34, 1] smbd/process.c:process_smb(1062)
> Connection denied from 58.239.84.158
>
> There is nothing on this server that I can not replace. Did I just get
> hacked? Should I wipe this thing and start over? Any and all advice is
> greatly appreciated!!!
I don't think you got hacked. You might want to check your firewall
settings though. It *looks* like your firewall is letting netbios
connections from off your LAN -- you should not be allowing this!
It does look like someone from 58.239.84.158 (SK Broadband Co Ltd in
Seoul) tried to check out your samba shares, but was denied access.
>
> Thanks.
>
> Lee Perez
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
--
Robert Heller -- 978-544-6933
Deepwoods Software -- Download the Model Railroad System
http://www.deepsoft.com/ -- Binaries for Linux and MS-Windows
heller at deepsoft.com -- http://www.deepsoft.com/ModelRailroadSystem/
More information about the CentOS
mailing list