Hello everyone,
My bash history worries me.
```
cd "`echo -e '\057home'`"
cd "`echo -e '\057home\057pawel'`"
PROMPT_COMMAND='pwd>&7;kill -STOP $$'
```
WHAT IS THIS???? I have never used commands like these and I don't know what this is?!
These are the processes:
```
kupcia:/home/pawel# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1940 120 ? Ss Nov25 0:02 init [2]
root 2 0.0 0.0 0 0 ? S Nov25 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN Nov25 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S< Nov25 0:00 [events/0]
root 5 0.0 0.0 0 0 ? S< Nov25 0:00 [khelper]
root 6 0.0 0.0 0 0 ? S< Nov25 0:00 [kthread]
root 9 0.0 0.0 0 0 ? S< Nov25 0:00 [kblockd/0]
root 24 0.0 0.0 0 0 ? S< Nov25 0:00 [kseriod]
root 71 0.0 0.0 0 0 ? S Nov25 0:00 [pdflush]
root 73 0.0 0.0 0 0 ? S< Nov25 0:05 [kswapd0]
root 74 0.0 0.0 0 0 ? S< Nov25 0:00 [aio/0]
root 563 0.0 0.0 0 0 ? S< Nov25 0:00 [khubd]
root 892 0.0 0.0 0 0 ? S< Nov25 0:15 [kjournald]
root 1068 0.0 0.0 2304 52 ? S<s Nov25 0:00 udevd --daemon
root 1329 0.0 0.0 0 0 ? S< Nov25 0:00 [kpsmoused]
root 1406 0.0 0.0 0 0 ? S< Nov25 0:00 [kgameportd]
root 1756 0.0 0.0 0 0 ? S< Nov25 0:00 [kmirrord]
root 1842 0.0 0.0 0 0 ? S< Nov25 0:00 [kjournald]
root 1844 0.0 0.0 0 0 ? S< Nov25 0:00 [kjournald]
root 1846 0.0 0.0 0 0 ? S< Nov25 0:00 [kjournald]
root 1848 0.0 0.0 0 0 ? S< Nov25 0:00 [kjournald]
daemon 1982 0.0 0.0 1680 44 ? Ss Nov25 0:00 /sbin/portmap
root 2140 0.0 0.3 2180 504 ? S<s Nov25 0:00 dhclient3 -pf /
root 2234 0.0 0.2 1624 380 ? Ss Nov25 0:06 /sbin/syslogd
root 2240 0.0 0.0 1580 44 ? Ss Nov25 0:00 /sbin/klogd -x
104 2261 0.0 0.0 2248 44 ? Ss Nov25 0:00 /usr/bin/dbus-d
root 2307 0.0 2.2 6124 2900 ? S Nov25 0:42 ddclient - slee
root 2327 0.0 0.1 1748 204 ? Ss Nov25 0:00 /usr/sbin/inetd
root 2334 0.0 0.4 5880 584 ? Ss Nov25 0:02 /usr/sbin/nmbd
root 2336 0.0 0.0 9048 64 ? Ss Nov25 0:00 /usr/sbin/smbd
root 2345 0.0 0.0 9048 36 ? S Nov25 0:00 /usr/sbin/smbd
root 2359 0.0 0.2 4924 296 ? Ss Nov25 0:03 /usr/sbin/sshd
root 2390 0.0 0.0 3020 48 ? Ss Nov25 0:00 /usr/sbin/famd
statd 2399 0.0 0.0 1752 56 ? Ss Nov25 0:00 /sbin/rpc.statd
daemon 2432 0.0 0.0 1828 76 ? Ss Nov25 0:00 /usr/sbin/atd
root 2439 0.0 0.1 2196 216 ? Ss Nov25 0:00 /usr/sbin/cron
root 2532 0.0 2.5 9504 3232 ? Ss Nov25 0:02 /usr/bin/perl /
root 2547 0.0 0.1 1576 148 tty1 Ss+ Nov25 0:00 /sbin/getty 384
root 2548 0.0 0.0 1576 52 tty2 Ss+ Nov25 0:00 /sbin/getty 384
root 2549 0.0 0.0 1576 52 tty3 Ss+ Nov25 0:00 /sbin/getty 384
root 2552 0.0 0.0 1572 52 tty4 Ss+ Nov25 0:00 /sbin/getty 384
root 2553 0.0 0.0 1572 52 tty5 Ss+ Nov25 0:00 /sbin/getty 384
root 2554 0.0 0.0 1572 52 tty6 Ss+ Nov25 0:00 /sbin/getty 384
root 2629 0.0 2.1 7304 2700 ? S Nov25 0:21 ddclient - slee
root 4064 0.0 0.1 4744 168 ? Ss Nov25 0:00 /usr/sbin/apach
www-data 4186 0.0 1.1 4876 1472 ? S Nov25 0:00 /usr/sbin/apach
www-data 4187 0.0 1.0 4744 1388 ? S Nov25 0:00 /usr/sbin/apach
www-data 4188 0.0 1.1 4876 1472 ? S Nov25 0:00 /usr/sbin/apach
www-data 4189 0.0 1.0 4744 1340 ? S Nov25 0:00 /usr/sbin/apach
www-data 4190 0.0 1.1 4876 1472 ? S Nov25 0:00 /usr/sbin/apach
www-data 4191 0.0 1.1 4876 1472 ? S Nov25 0:00 /usr/sbin/apach
www-data 4192 0.0 1.0 4744 1296 ? S Nov25 0:00 /usr/sbin/apach
www-data 4285 0.0 1.1 4876 1476 ? S Nov25 0:00 /usr/sbin/apach
www-data 4286 0.0 1.1 4876 1472 ? S Nov25 0:00 /usr/sbin/apach
www-data 4287 0.0 1.1 4876 1468 ? S Nov25 0:00 /usr/sbin/apach
root 6363 0.0 0.0 0 0 ? S Nov25 0:00 [pdflush]
root 10072 0.0 0.9 2612 1180 ? S Nov26 0:00 sh -c yes Yes |
root 10073 0.0 0.3 1564 392 ? S Nov26 0:49 yes Yes
root 10074 0.0 8.0 12172 10244 ? S Nov26 0:01 apt-get -y --fo
root 10153 0.0 9.4 13380 12064 ? S Nov26 0:00 /usr/bin/dpkg -
root 10168 99.6 8.6 12500 10940 ? R Nov26 5529:46 /usr/bin/perl
root 10182 0.0 1.7 3828 2276 ? S Nov26 0:00 /usr/bin/perl -
komcia 14275 0.0 0.9 3944 1184 ? Ss Nov29 0:00 SCREEN
komcia 14276 0.0 2.2 5364 2908 pts/2 Ss Nov29 0:00 /bin/bash
komcia 22622 0.0 0.9 3952 1184 ? Ss 12:08 0:00 SCREEN
komcia 22623 0.0 2.3 5524 2980 pts/4 Ss+ 12:08 0:00 /bin/bash
pawel 22768 0.0 0.8 3952 1092 ? Ss 14:25 0:00 SCREEN
pawel 22769 0.0 2.2 5356 2864 pts/1 Ss 14:25 0:00 /bin/bash
pawel 22786 0.0 3.8 17864 4924 pts/1 S+ 14:25 0:09 ekg
pawel 22787 0.0 0.2 1504 352 pts/1 S+ 14:25 0:00 ioctld /home/pa
komcia 23609 0.0 0.8 3820 1024 pts/2 S+ 19:49 0:00 screen -rd 2262
root 23611 0.0 1.7 7696 2280 ? Ss 19:52 0:00 sshd: pawel [pr
pawel 23613 0.0 1.2 7696 1580 ? S 19:52 0:00 sshd: pawel@pts
pawel 23614 0.2 2.2 5348 2880 pts/0 Ss 19:52 0:00 -bash
root 23635 0.0 0.8 3728 1084 pts/0 S 19:55 0:00 su
root 23636 0.0 1.3 3996 1712 pts/0 S 19:55 0:00 bash
root 23637 0.0 0.7 3424 988 pts/0 R+ 19:56 0:00 ps aux
```
Help!!!!!!
Regards
Offline
Probably MC.
Offline
```
Nov 30 15:39:01 kupcia sshd[22845]: Invalid user webmaster from 200.175.240.26
Nov 30 15:39:01 kupcia sshd[22845]: reverse mapping checking getaddrinfo for complexx.cba.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 30 15:39:01 kupcia sshd[22845]: (pam_unix) check pass; user unknown
Nov 30 15:39:01 kupcia sshd[22845]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.175.240.26
Nov 30 15:39:04 kupcia sshd[22845]: Failed password for invalid user webmaster from 200.175.240.26 port 61896 ssh2
Nov 30 15:39:07 kupcia sshd[22855]: Invalid user postmaster from 200.175.240.26
Nov 30 15:39:07 kupcia sshd[22855]: reverse mapping checking getaddrinfo for complexx.cba.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 30 15:39:07 kupcia sshd[22855]: (pam_unix) check pass; user unknown
Nov 30 15:39:07 kupcia sshd[22855]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.175.240.26
Nov 30 15:39:09 kupcia sshd[22855]: Failed password for invalid user postmaster from 200.175.240.26 port 62120 ssh2
Nov 30 15:39:12 kupcia sshd[22857]: Invalid user postfix from 200.175.240.26
Nov 30 15:39:12 kupcia sshd[22857]: reverse mapping checking getaddrinfo for complexx.cba.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 30 15:39:12 kupcia sshd[22857]: (pam_unix) check pass; user unknown
Nov 30 15:39:12 kupcia sshd[22857]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.175.240.26
Nov 30 15:39:14 kupcia sshd[22857]: Failed password for invalid user postfix from 200.175.240.26 port 62345 ssh2
Nov 30 15:39:17 kupcia sshd[22859]: Invalid user postgres from 200.175.240.26
Nov 30 15:39:17 kupcia sshd[22859]: reverse mapping checking getaddrinfo for complexx.cba.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 30 15:39:17 kupcia sshd[22859]: (pam_unix) check pass; user unknown
Nov 30 15:39:17 kupcia sshd[22859]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.175.240.26
Nov 30 15:39:19 kupcia sshd[22859]: Failed password for invalid user postgres from 200.175.240.26 port 62557 ssh2
Nov 30 15:39:22 kupcia sshd[22861]: Invalid user paul from 200.175.240.26
Nov 30 15:39:22 kupcia sshd[22861]: reverse mapping checking getaddrinfo for complexx.cba.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 30 15:39:22 kupcia sshd[22861]: (pam_unix) check pass; user unknown
Nov 30 15:39:22 kupcia sshd[22861]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.175.240.26
Nov 30 15:39:23 kupcia sshd[22861]: Failed password for invalid user paul from 200.175.240.26 port 62764 ssh2
Nov 30 15:39:26 kupcia sshd[22863]: reverse mapping checking getaddrinfo for complexx.cba.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 30 15:39:26 kupcia sshd[22863]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.175.240.26 user=root
Nov 30 15:39:28 kupcia sshd[22863]: Failed password for root from 200.175.240.26 port 62945 ssh2
Nov 30 15:39:31 kupcia sshd[22865]: Invalid user guest from 200.175.240.26
Nov 30 15:39:31 kupcia sshd[22865]: reverse mapping checking getaddrinfo for complexx.cba.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 30 15:39:31 kupcia sshd[22865]: (pam_unix) check pass; user unknown
Nov 30 15:39:31 kupcia sshd[22865]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.175.240.26
Nov 30 15:39:34 kupcia sshd[22865]: Failed password for invalid user guest from 200.175.240.26 port 63156 ssh2
Nov 30 15:39:37 kupcia sshd[22867]: Invalid user admin from 200.175.240.26
Nov 30 15:39:37 kupcia sshd[22867]: reverse mapping checking getaddrinfo for complexx.cba.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
Nov 30 15:39:37 kupcia sshd[22867]: (pam_unix) check pass; user unknown
Nov 30 15:39:37 kupcia sshd[22867]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.175.240.26
Nov 30 15:39:39 kupcia sshd[22867]: Failed password for invalid user admin from 200.175.240.26 port 63395 ssh2
Nov 30 15:39:42 kupcia sshd[22869]: Invalid user linux from 200.175.240.26
Nov 30 15:39:42 kupcia sshd[22869]: reverse mapping checking getaddrinfo for complexx.cba.gvt.net.br failed - POSSIBLE BREAK-IN ATTEMPT!
```
Oops!! Who is this scumbag? How do I protect myself against him?
He won't guess the passwords,
he can scan all he wants ;p
Offline
It's a brute force attack. As for how?? Change the SSH port to some high one, e.g. 50022.
Offline
And do you maybe know how to increase the interval between SSH login attempts? E.g. every 10 seconds after a wrong password is entered?
Offline
And you are complaining about a scan.... :D
http://wklej.org/txt/ad336ba4f6 this is only part of it :D
Last edited by qbsiu (2007-11-30 22:45:33)
Offline
I use DenyHosts (it checks the logs and if someone attempts a brute force it bans them),
and as for blocking only for a certain time, I know it can be done with iptables but I don't remember how :/
Offline
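The log-watching approach described in the post above (count failed SSH logins per source address and block the source for a limited time), as an added example that is not part of the original thread and is not DenyHosts' own code. The threshold, window, ban length, the `year` default and the sample log lines are assumptions; the sample uses documentation addresses (192.0.2.0/24, 198.51.100.0/24).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted earlier in the thread.
SAMPLE_LOG = """\
Nov 30 15:39:04 host sshd[101]: Failed password for invalid user webmaster from 192.0.2.10 port 61896 ssh2
Nov 30 15:39:09 host sshd[102]: Failed password for invalid user postmaster from 192.0.2.10 port 62120 ssh2
Nov 30 15:39:12 host sshd[103]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Nov 30 15:39:14 host sshd[104]: Failed password for root from 192.0.2.10 port 62345 ssh2
Nov 30 15:40:00 host sshd[105]: Failed password for alice from 198.51.100.7 port 40030 ssh2
Nov 30 15:46:00 host sshd[106]: Failed password for alice from 198.51.100.7 port 40031 ssh2
"""

# Only the "Failed password" line is counted: sshd writes one per rejected attempt,
# for both existing and non-existing ("invalid user") accounts.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_offenders(log_text, threshold=3, window=timedelta(seconds=60),
                   ban=timedelta(minutes=10), year=2007):
    """Return {ip: (ban_start, ban_end)} for sources that reach `threshold`
    failures inside a sliding `window`. Syslog stamps carry no year, so the
    caller supplies one (assumption)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        stamp, _user, ip = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if ip in bans and when < bans[ip][1]:
            continue              # still banned, nothing new to decide
        q = recent[ip]
        q.append(when)
        while q and when - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= threshold:
            bans[ip] = (when, when + ban)
            q.clear()             # counting starts over once the ban ends
    return bans

def is_blocked(bans, ip, when):
    """True while `when` falls inside the temporary ban recorded for `ip`."""
    return ip in bans and bans[ip][0] <= when < bans[ip][1]
```

A user who mistypes a password twice several minutes apart stays below the threshold, while the source that tries three accounts in ten seconds is blocked until the ban expires.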
> change the SSH port to some high one

plus logging in with keys
"God, root, what is difference?"
Offline
Here is a link on how to do it with iptables (the description is for FTP, but for SSH it will be the same)
http://www.linuxstorm.org/modules/news/article.php?storyid=688
Offline