SSHD exploit?

Discussion in 'General Discussion' started by neonix, Jan 4, 2006.

  1. neonix

    Output of 'ps -ef'. Are these normal processes or is someone running/attempting an exploit?

    root 17686 5951 0 22:02 ? 00:00:00 sshd: unknown [priv]
    sshd 17687 17686 0 22:02 ? 00:00:00 sshd: unknown [net]
    root 17688 5951 0 22:02 ? 00:00:00 sshd: unknown [priv]
    sshd 17689 17688 1 22:02 ? 00:00:00 sshd: unknown [net]
    root 17690 5951 0 22:02 ? 00:00:00 sshd: unknown [priv]
    sshd 17695 17690 0 22:02 ? 00:00:00 sshd: unknown [net]
    root 17696 5951 0 22:02 ? 00:00:00 /usr/sbin/sshd
    sshd 17697 17696 0 22:02 ? 00:00:00 sshd: [net]
     
    #1 neonix, Jan 4, 2006
    Last edited: Jan 4, 2006
  2. neonix

    It was indeed an sshd attack. bfd/apf blocked it.

    The remote system 211-233-59-29.kidc.net was found to have exceeded
    acceptable login failures. As such the attacking host
    has been banned from further accessing this system; for the integrity
    of your host you should investigate this event as soon as possible.

    The following are event logs for 276 login failures from
    211-233-59-29.kidc.net on service sshd (all time stamps are GMT +0530):
    ----
    - Executed actions:
    /etc/apf/apf -d 211-233-59-29.kidc.net {bfd.sshd}
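
The `ps -ef` listing from the first post, run through a small triage filter. This is an added example, not part of the original thread; the function names and the default alert threshold of 3 are assumptions, and the sample input is the eight lines quoted in post #1.

```shell
#!/bin/sh
# Added example: summarise pre-authentication sshd processes in `ps -ef` output.
# Assumes the 8-column `ps -ef` layout shown in the post (CMD starts at field 8).

# Sample input: the eight process lines quoted in the first post.
sample_ps() {
cat <<'EOF'
root 17686 5951 0 22:02 ? 00:00:00 sshd: unknown [priv]
sshd 17687 17686 0 22:02 ? 00:00:00 sshd: unknown [net]
root 17688 5951 0 22:02 ? 00:00:00 sshd: unknown [priv]
sshd 17689 17688 1 22:02 ? 00:00:00 sshd: unknown [net]
root 17690 5951 0 22:02 ? 00:00:00 sshd: unknown [priv]
sshd 17695 17690 0 22:02 ? 00:00:00 sshd: unknown [net]
root 17696 5951 0 22:02 ? 00:00:00 /usr/sbin/sshd
sshd 17697 17696 0 22:02 ? 00:00:00 sshd: [net]
EOF
}

# Reads `ps -ef` lines on stdin and prints one summary line.
#   invalid_user: privileged monitors titled "sshd: unknown [priv]". With
#                 privilege separation, OpenSSH uses "unknown" when the
#                 requested login name is not accepted as a valid account.
#   preauth_net:  unprivileged "[net]" children, i.e. connections that have
#                 not authenticated yet (an authenticated session is retitled
#                 to "sshd: user@tty" instead).
preauth_summary() {
    awk '
        $8 == "sshd:" && $9 == "unknown" && $NF == "[priv]" { invalid++ }
        $8 == "sshd:" && $NF == "[net]"                     { net++ }
        END { printf "invalid_user=%d preauth_net=%d\n", invalid, net }
    '
}

# Exit status 0 when the count of unauthenticated connections reaches the
# threshold given as $1 (default 3, an assumed value to tune per host).
preauth_alert() {
    threshold=${1:-3}
    n=$(preauth_summary | sed 's/.*preauth_net=//')
    [ "$n" -ge "$threshold" ]
}

# On a live host: ps -ef | preauth_summary
sample_ps | preauth_summary
```

A handful of `[net]` processes is normal on a busy server; several simultaneous `unknown` entries are what point to guessing at nonexistent account names, which the login-failure count in the BFD alert then confirms from the logs.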
     