Shell traması vs herseyı yaptım en son last login de
Jul 21 06:03:29 linux pure-ftpd: (?@88.150.201.60) [INFO] New connection from 88.150.201.60
Jul 21 06:03:30 linux pure-ftpd: (?@88.150.201.60) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-SHA, 256 secret bits cipher
Jul 21 06:03:31 linux pure-ftpd: (?@88.150.201.60) [INFO] sosmedorg is now logged in
Jul 21 06:03:41 linux pure-ftpd: (?@88.150.201.58) [INFO] New connection from 88.150.201.58
Jul 21 06:03:42 linux pure-ftpd: (?@88.150.201.58) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-SHA, 256 secret bits cipher
Jul 21 06:03:42 linux pure-ftpd: (?@88.150.201.58) [INFO] media is now logged in
Jul 21 06:03:50 linux pure-ftpd: (?@88.150.201.58) [INFO] New connection from 88.150.201.58
Jul 21 06:03:51 linux pure-ftpd: (?@88.150.201.58) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-SHA, 256 secret bits cipher
Jul 21 06:03:55 linux pure-ftpd: (?@88.150.201.58) [WARNING] Authentication failed for user [media]
Jul 21 06:03:55 linux pure-ftpd: (?@88.150.201.58) [INFO] Logout.
bunları gördüm redstation üzerindne ayrıca girenler 31.3.240.98 üzerinden windows sunucu ıle gırmısler yukardakı ne anlama gelıyor bırı tam acıklar mı
ve ayrıca bu var
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
root@Localhost
retry timeout exceeded
------ This is a copy of the message, including all the headers. ------
id 1ZHLte-00076F-GV
for root@Localhost; Tue, 21 Jul 2015 03:59:02 +0300
To: root@Localhost
Subject: LiteSpeed Web Admin Console Failed Login Attempt
Message-Id: <E1ZHLte-00076F-GV@l
From: l
Date: Tue, 21 Jul 2015 03:59:02 +0300
A recent login attempt to LiteSpeed web admin console failed. Details of the attempt are below.
Date/Time: July 20, 2015, 8:59 pm
Username: root
IP Address: 88.150.201.61
Hostname: h88-150-201-61.host.redstation.co.uk
URL: http://site:7080/login.php
If you do not recognize the IP address, please follow below recommended ways to secure your admin console:
1. set access allowed list to limit certain IP that can access under WebConsole->Admin->Security tab;
2. change the listener port from default value 7080;
3. do not use simple password;
4. use https for admin console.
Sunucumun Sürekli Hacklenmesı
3
●436
- 21-07-2015, 09:32:27
- 21-07-2015, 12:26:00Jul 21 06:03:29 linux pure-ftpd: (?@88.150.201.60) [INFO] New connection from 88.150.201.60
Jul 21 06:03:30 linux pure-ftpd: (?@88.150.201.60) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-SHA, 256 secret bits cipher
Jul 21 06:03:31 linux pure-ftpd: (?@88.150.201.60) [INFO] sosmedorg is now logged in
Jul 21 06:03:41 linux pure-ftpd: (?@88.150.201.58) [INFO] New connection from 88.150.201.58
Jul 21 06:03:42 linux pure-ftpd: (?@88.150.201.58) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-SHA, 256 secret bits cipher
Jul 21 06:03:42 linux pure-ftpd: (?@88.150.201.58) [INFO] media is now logged in
Jul 21 06:03:50 linux pure-ftpd: (?@88.150.201.58) [INFO] New connection from 88.150.201.58
Jul 21 06:03:51 linux pure-ftpd: (?@88.150.201.58) [INFO] SSL/TLS: Enabled TLSv1/SSLv3 with AES256-SHA, 256 secret bits cipher
Jul 21 06:03:55 linux pure-ftpd: (?@88.150.201.58) [WARNING] Authentication failed for user [media]
Jul 21 06:03:55 linux pure-ftpd: (?@88.150.201.58) [INFO] Logout.
Peki bu akradas login olabilmis mi ?
