LinkBack URL
About LinkBacks
Should I be Security Alert?
I get these from Logwatch's proftpd report (where I have replaced my real server name and IP to the following). Has someone hacked into my server? Should I be worried?:
-----------------------------------------------------
my.server.com (M467P017.adsl.highway.telekom.at[62.47.218.81]) - FTP session opened.
my.server.com (M467P017.adsl.highway.telekom.at[62.47.218.81]) - FTP session opened.
12.123.12.123 (M467P017.adsl.highway.telekom.at[62.47.218.81]) - FTP session opened.
12.123.12.123 (M467P017.adsl.highway.telekom.at[62.47.218.81]) - FTP session opened.
my.server.com (M467P017.adsl.highway.telekom.at[62.47.218.81]) - FTP session closed.
my.server.com (M467P017.adsl.highway.telekom.at[62.47.218.81]) - FTP session closed.
12.123.12.123 (M467P017.adsl.highway.telekom.at[62.47.218.81]) - FTP session closed.
12.123.12.123 (M467P017.adsl.highway.telekom.at[62.47.218.81]) - FTP session closed.
12.123.12.123 (M467P017.adsl.highway.telekom.at[62.47.218.81]) - FTP session closed.
-----------------------------------------------------
...and these...
-----------------------------------------------------
New Users:
mysql(100)
postfix(89)
Connections:
Service imap:
127.0.0.1: 7 Time(s)
**Unmatched Entries**
groupadd[2096]: new group: name=proftpd, gid=500
useradd[2490]: new group: name=mysql, gid=101
groupadd[7982]: new group: name=postdrop, gid=90
groupadd[7983]: new group: name=postfix, gid=89
useradd[7985]: add `postfix' to group `mail'
useradd[7985]: add `postfix' to shadow group `mail'
usermod[13156]: change user `mailman' GID from `32002' to `32002'
-----------------------------------------------------
Reply With Quote
