[CentOS] OT: Strange message in root e-mail possibly hacked!!! Not sure??
Chan Chung Hang Christopher
christopher.chan at bradbury.edu.hk
Sun Aug 16 14:39:43 UTC 2009
>> So I started looking around in /var/log. I looked at my secure logs and
>> saw nothing out of the ordinary. I looked in samba and found a log file
>> 58.239.84.158.log. I opened it up and it said the following:
>>
>> [2009/08/15 06:31:34, 0] lib/access.c:check_access(327)
>> Denied connection from (58.239.84.158)
>> [2009/08/15 06:31:34, 1] smbd/process.c:process_smb(1062)
>> Connection denied from 58.239.84.15
> I don't think you got hacked. You might want to check your firewall
> settings though. It *looks* like your firewall is letting netbios
> connections from off your LAN -- you should not be allowing this!
>
He can do better. Why is samba bound to an Internet-facing interface at
all? Unless you have a need to allow smb/cifs connections over the
Internet, samba should never ever be allowed to bind to an interface
with an Internet IP.
> It does look like someone from 58.239.84.158 (SK Broadband Co Ltd in
> Seoul) tried to check out your samba shares, but was denied access.
>
>
Yea for tcp wrappers...
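
The binding advice in the reply above, as an added example that is not part of the original post: a small audit of the `[global]` section of an smb.conf, using the real Samba parameters `interfaces` and `bind interfaces only`. The sample configurations, the interface names, the addresses in them, and the function names are constructed for illustration.

```python
import ipaddress

# Addresses treated as "not Internet-facing" (loopback, RFC 1918, link-local, ULA).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample configurations (not taken from the thread).
WEAK = """[global]
   workgroup = EXAMPLE
   ; no interface restriction, only host-based filtering
   hosts allow = 192.168.1.
"""
HARDENED = """[global]
   interfaces = lo eth1 192.168.1.10/24
   bind interfaces only = yes
   hosts allow = 127. 192.168.1.
"""
EXPOSED = """[global]
   interfaces = lo 203.0.113.10/24
   Bind Interfaces Only = Yes
"""

def global_params(text):
    """Return [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """List reasons smbd may be listening on a non-LAN address."""
    p, findings = global_params(text), []
    if p.get("bindinterfacesonly", "no").lower() not in ("yes", "true", "on", "1"):
        findings.append("bind interfaces only is off: smbd listens on all addresses")
    for entry in p.get("interfaces", "").split():
        try:
            addr = ipaddress.ip_interface(entry).ip
        except ValueError:
            continue  # interface name such as eth1: check its address by hand
        if not any(addr in net for net in LAN_NETS):
            findings.append(f"interfaces lists non-LAN address {addr}")
    return findings
```

`audit(WEAK)` reports the missing bind restriction even though `hosts allow` would still reject the connection, which is the situation the log excerpt shows: the remote host reached smbd and was denied only at the access check.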