
Date:  Fri, 9 Mar 2007 08:48:05 -0700
From:  "Rodrigo Ordonez Licona" <rodrigo (at mark) xnet.com.mx>
Subject:  [coba-e:09058] Re: CentOS+BQ hacked?
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <200703091552.l29FqAd2030841 (at mark) admin.xnet.com.mx>
In-Reply-To:  <1173445962.21005.15.camel (at mark) columbus.webtent.org>
X-Mail-Count: 09058

Hi Robert,

If you ping aca25f24.ipt.aol.com, you get back this IP: 172.162.95.36

It sounds a lot like a private IP address or an automatic address that the
NIC takes automatically after not finding a DHCP server.

Maybe the server just resolved back an automatic IP address. I've seen this
happen.

HTH

Rodrigo O
Xnet

-----Original Message-----
From: Robert Fitzpatrick [mailto:lists (at mark) webtent.net] 
Sent: Friday, 09 March 2007 06:13 a.m.
To: BlueQuartz
Subject: [coba-e:09053] CentOS+BQ hacked?

I could not log in to a backup server this morning. I have not accessed it in
a while; after connecting via terminal, I see the following. I have never
accessed this server from AOL, does this necessarily mean it was hacked? I
restarted SSH fine and now can access normally; so far, I have not been able to
find any other signs. It still shows them connected, how can I kick them and
see what might be signs of a hack?

CentOS release 4.4 (Final)
Kernel 2.6.16 on an i586

bq.ky.webtent.net login: root
Password:
login(pam_unix)[1754]: session opened for user root by LOGIN(uid=0)
pam_loginuid[1754]: set_loginuid failed opening loginuid

Last login: Sun Feb 11 01:20:29 from aca25f24.ipt.aol.com
 -- root[1754]: DIALUP AT ttyS0 BY root
 -- root[1754]: ROOT LOGIN ON ttyS0
[root@bq ~]# who
root     ttyS0        Mar  9 08:08
root     pts/0        Feb 11 01:20 (aca25f24.ipt.aol.com)

--
Robert
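A check a defender would run on the `who` output quoted above, as an added example that is not code from either poster: parse each session, treat console/serial lines as local, and for remote origins test whether the address is private, link-local, or public. The hostname-to-address map is a constructed stand-in for DNS (it carries the address the reply says the AOL hostname pings back to) so the script runs offline.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the `who` output quoted in the thread.
WHO_OUTPUT = """\
root     ttyS0        Mar  9 08:08
root     pts/0        Feb 11 01:20 (aca25f24.ipt.aol.com)
"""

# Constructed name->address map standing in for a DNS lookup (assumption),
# using the address the reply reports for the AOL hostname.
RESOLVED = {"aca25f24.ipt.aol.com": "172.162.95.36"}

# Matches the "Mon dd HH:MM" date layout of the old `who` shown above.
WHO_LINE = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?P<when>\w{3}\s+\d{1,2} \d{2}:\d{2})"
    r"(?:\s+\((?P<origin>[^)]+)\))?\s*$"
)

@dataclass
class Session:
    user: str
    tty: str
    when: str
    origin: Optional[str]  # host or address in parentheses; None for a local line

def parse_who(text):
    sessions = []
    for line in text.splitlines():
        m = WHO_LINE.match(line)
        if m:
            sessions.append(Session(m["user"], m["tty"], m["when"], m["origin"]))
    return sessions

def classify_origin(origin, resolver=RESOLVED):
    """Return 'local', 'unresolved', 'link-local', 'private' or 'public'."""
    if origin is None:
        return "local"
    try:
        ip = ipaddress.ip_address(origin)      # origin is already a literal address
    except ValueError:
        addr = resolver.get(origin)            # hostname: look it up in the stand-in map
        if addr is None:
            return "unresolved"
        ip = ipaddress.ip_address(addr)
    if ip.is_link_local:                       # 169.254.0.0/16: no DHCP server answered
        return "link-local"
    return "private" if ip.is_private else "public"

def suspicious_sessions(text, resolver=RESOLVED):
    """Sessions whose origin is a public address: the ones worth investigating first."""
    return [s for s in parse_who(text) if classify_origin(s.origin, resolver) == "public"]
```

Newer `who` builds print ISO dates (`2007-03-09 08:08`), so the regex would need its date group adjusted for those systems.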