Hacked? Or just being paranoid..
Posted: Mon Nov 27, 2006 8:12 am
Hi guys..
I woke up this morning to a noisy xbox..
It was running at 100% cpu..
As i connected to it, it noticed nothing "really bad" happening.. There was a whole bunch of sshd instances - but noone else but me was connected. I checked the syslog - and only thing that has happened is some fool connecting to my ftp (proftpd) just before midnight..
Nov 26 23:57:44 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session opened.
Nov 26 23:57:47 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session closed.
After that there isn't anything more in my syslog until I rebooted the server at 0800.
I've stopped proftpd, and changed the root password, but the strange thing is that it seems (at least in mrtg) that the high CPU started just before I got up (and checked the box). (http://xboxlinux.mine.nu/mrtg) (the high CPU and network traffic last night is MY "fault").
I'm running a virus scan as we speak, but as the server is still running Pro 3.0, I'm going to upgrade instead of all this worrying..
Thank god all my data is located elswhere
Anyone ever seen anything like this? - Anything to worry about (when reinstalling)..?
Steinar T
I woke up this morning to a noisy xbox..
It was running at 100% cpu..
As i connected to it, it noticed nothing "really bad" happening.. There was a whole bunch of sshd instances - but noone else but me was connected. I checked the syslog - and only thing that has happened is some fool connecting to my ftp (proftpd) just before midnight..
Nov 26 23:57:44 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session opened.
Nov 26 23:57:47 xbox proftpd[4916]: xbox (70.246.185.78[70.246.185.78]) - FTP session closed.
After that there isn't anything more in my syslog until I rebooted the server at 0800.
I've stopped proftpd, and changed the root password, but the strange thing is that it seems (at least in mrtg) that the high CPU started just before I got up (and checked the box). (http://xboxlinux.mine.nu/mrtg) (the high CPU and network traffic last night is MY "fault").
I'm running a virus scan as we speak, but as the server is still running Pro 3.0, I'm going to upgrade instead of all this worrying..
Thank god all my data is located elswhere
Anyone ever seen anything like this? - Anything to worry about (when reinstalling)..?
Steinar T