 |
 |
Trying to be hacked, but no IP adresse to the hacker !
|
|
|
|
|
Dedicated MacNNer
Join Date: Jul 2002
Location: Norway
Status:
Offline
|
|
Hello. Over some days now before I by luck read my logs for some reason noticed that somebody had tried to hack my machine. He had been trying with alot of different usernames, in this case it's "robert" which is not my name  This is his/her try 12:56:30 UTC or 14:56:30 GMT+2, the list with entries like this goes on and on...
asl.log
Code:
[Time 2006.03.26 12:56:30 UTC] [Facility authpriv] [Sender com.apple.SecurityServer] [PID -1] [Message authinternal failed to authenticate user robert.] [Level 3] [UID -2] [GID -2] [Host jb]
[Time 2006.03.26 12:56:30 UTC] [Facility authpriv] [Sender com.apple.SecurityServer] [PID -1] [Message Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.] [Level 5] [UID -2] [GID -2] [Host jb]
secure.log
Code:
Mar 26 14:56:30 jb com.apple.SecurityServer: authinternal failed to authenticate user robert.
Mar 26 14:56:30 jb com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
How is this possible. Been on this now for two days to try and find a IP adresse. But that is the only trace of him. Are there some exploits in 10.4.5 that enables people to hack from localhost or something ?
|
|
Mac Pro 2 x 2.8 GHz Quad-Core, Nvidia GeForce 8800GT
|
| |
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Status:
Offline
|
|
Originally Posted by Johnny_B
Hello. Over some days now before I by luck read my logs for some reason noticed that somebody had tried to hack my machine. He had been trying with alot of different usernames, in this case it's "robert" which is not my name This is his/her try 12:56:30 UTC or 14:56:30 GMT+2, the list with entries like this goes on and on...
asl.log
Code:
[Time 2006.03.26 12:56:30 UTC] [Facility authpriv] [Sender com.apple.SecurityServer] [PID -1] [Message authinternal failed to authenticate user robert.] [Level 3] [UID -2] [GID -2] [Host jb]
[Time 2006.03.26 12:56:30 UTC] [Facility authpriv] [Sender com.apple.SecurityServer] [PID -1] [Message Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.] [Level 5] [UID -2] [GID -2] [Host jb]
secure.log
Code:
Mar 26 14:56:30 jb com.apple.SecurityServer: authinternal failed to authenticate user robert.
Mar 26 14:56:30 jb com.apple.SecurityServer: Failed to authorize right system.login.tty by process /usr/sbin/sshd for authorization created by /usr/sbin/sshd.
How is this possible. Been on this now for two days to try and find a IP adresse. But that is the only trace of him. Are there some exploits in 10.4.5 that enables people to hack from localhost or something ?
You're alright, man. Check out /etc/system.log and you'll be able to see the attempts a little more clearly... I get those day in and day out on every public-facing server I manage. Those "attempts" are just bots trying generic username and weak passwords.
As long as your username is not "robert" and your password is not "robert" you're probably ok. 
|
"In Nomine Patris, Et Fili, Et Spiritus Sancti"
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
Top