On Wed, 21 Apr 2010 00:33:11 -0400
Steve Blackwell <zephod@xxxxxxxxxx> wrote:

> I was looking at my logwatch mail and saw:
>
> Failed logins from:
>    62.39.117.140 (140.117.39-62.rev.gaoland.net): 139 times
>    220.128.67.41: 9 times
>
> Illegal users from:
>    62.39.117.140 (140.117.39-62.rev.gaoland.net): 229 times
>    220.128.67.41: 2 times
>
>
> Received disconnect:
>    11: Bye Bye : 379 Time(s)
>
> so it appears that someone was trying to break in to my machine.
>
> I googled rev.gaoland.net (http://whois.domaintools.com/gaoland.net)
> and it appears to be some kind of French ISP.
> Is there some place to report this?
>
> Steve

rkhunter is reporting this:

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Suspicious file types found in /dev:
         /dev/shm/mono-shared-500-shared_fileshare-steve.blackwell-Linux-i686-36-12-0:data
         /dev/shm/mono-shared-500-shared_data-steve.blackwell-Linux-i686-312-12-0:data
         /dev/shm/mono.2812: data

process 2812 is tomboy so that should be OK. What are the other 2?
Normal? OK to whitelist them?

Thanks,
Steve