Help, getting hacked# Security - 系统安全
s*d
1 楼
I am quite certain that someone had broken into some of my unix machines.
And I need your help on several questions. Thanks in advance.
One is running AIX 4.1, it was known to be using as an open mail relay.
I found the following problem:
1. There is one extra user with the user name "+" and user id "0", this should
be a clear sign of hacking. Is that right?
2. There's a lot of failed login in my /ect/security/failedlogin, with user
name "UNKNOWN", and from some unidentified IP address. Such as
And I need your help on several questions. Thanks in advance.
One is running AIX 4.1, it was known to be using as an open mail relay.
I found the following problem:
1. There is one extra user with the user name "+" and user id "0", this should
be a clear sign of hacking. Is that right?
2. There's a lot of failed login in my /ect/security/failedlogin, with user
name "UNKNOWN", and from some unidentified IP address. Such as