Carl Parsons wrote:
> This was the target computer log file
>
> Jun 15 23:27:24 sshd[1238]: Illegal user pingnu from 81.178.1.21

Can I assume that 81.178.1.21 is your IP address?
(81-178-1-21.dsl.pipex.com) (frankly, the complaint should be going to
abuse@pipex.com...)

(more sshd logs trimmed)

> My log files

All mail-related logs. These aren't relevant to the ssh session(s) the
remote site is reporting.

Try last, w, who, and lastlog to get a sense of whether someone has been
accessing your system without proper permission. Note that if the
system *has* been compromised, you may not be able to trust the output
of these commands (for instance if the root account has been
compromised).

> I do not have a user called pingnu but a group called pingnu. The time
> difference could be he is in France and I am in the UK and my clock is
> not set exactly.

The user name that someone is trying to use at the remote end isn't
necessarily going to be the username they're operating as on your end.
You need the other end to query your ident daemon, and let you know the
username it reports back for the ssh sessions.

--
----------------------------------------------------------------------
Sylvain Robitaille
syl@alcor.concordia.ca
Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
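
An added example, not part of the original message: one way to follow up on the `last` suggestion is to check which local login sessions were open at the moment the remote sshd logged the attempt, allowing for a time-zone offset and an unsynchronised clock as raised in the quoted text. The `last -F` sample, the year 2005, the one-hour offset and the five-minute slack are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed `last -F` output; users, ttys, hosts and the year 2005 are made up.
SAMPLE_LAST = """\
carl     pts/0        192.168.0.5      Wed Jun 15 21:02:11 2005 - Wed Jun 15 21:40:03 2005  (00:37)
guest    pts/1        10.0.0.7         Wed Jun 15 22:15:40 2005 - Wed Jun 15 22:41:09 2005  (00:25)
www      pts/2        10.0.0.9         Wed Jun 15 23:20:00 2005   still logged in
reboot   system boot  2.6.11           Wed Jun 15 08:00:00 2005   still running
"""

STAMP = r"\w{3} (\w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})"   # weekday, then captured date
LINE = re.compile(r"^(\S+)\s+(\S+)\s.*?" + STAMP + r"(?: - " + STAMP + r")?")
FMT = "%b %d %H:%M:%S %Y"

def parse_sshd_time(line, year):
    """Timestamp of a syslog line; syslog omits the year, so the caller supplies it."""
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def sessions_active_at(last_output, when, slack):
    """Return (user, tty) for each login session open at `when`, give or take `slack`."""
    hits = []
    for line in last_output.splitlines():
        m = LINE.match(line)
        if not m or m.group(1) in ("reboot", "shutdown", "wtmp"):
            continue  # pseudo-entries, not logins
        start = datetime.strptime(m.group(3), FMT)
        # None means no logout was recorded (e.g. "still logged in")
        end = datetime.strptime(m.group(4), FMT) if m.group(4) else None
        if start - slack <= when and (end is None or when <= end + slack):
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    reported = parse_sshd_time(
        "Jun 15 23:27:24 sshd[1238]: Illegal user pingnu from 81.178.1.21", 2005)
    slack = timedelta(minutes=5)  # allowance for an unsynchronised clock
    # Same time zone, then the target host's clock one hour ahead of ours
    for offset in (timedelta(0), timedelta(hours=1)):
        print(offset, sessions_active_at(SAMPLE_LAST, reported - offset, slack))
```

The two offsets single out different sessions in the sample, which is why the time-zone question has to be settled before reading anything into the result.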