Forum OpenACS Q&A: Response to Help! no SSH Telnet Access
I was searching through the /var/log/message file and found these entries from yesterday and today:
sshd: Disconnecting: crc32 compensation attack: network attack detected
sshd: Disconnecting: Corrupted check bytes on input.
adduser: new group: name=liq, gid=521
adduser: new user: name=liq, uid=521, gid=521, home=/home/liq, shell=/bin/bash
new group: name=liq1, gid=522
new user: name=liq1, uid=0, gid=522, home=/home/liq1, shell=/bin/bash
Accepted password for liq from 220.127.116.11 port 1214
sshd: Disconnecting: Corrupted check bytes on input.
Could not reverse map address 18.104.22.168.
PAM_unix: (system-auth) session opened for user liq by (uid=0)
PAM_unix: (system-auth) session opened for user liq1 by liq(uid=521)
adduser: new group: name=satan, gid=523
adduser: new user: name=satan, uid=522, gid=523, home=/home/satan, shell=/bin/bash
userdel: delete user `satan'
userdel: remove group `satan'
adduser: new group: name=satan, gid=523
adduser: new user: name=satan, uid=522, gid=523, home=/home/satan, shell=/bin/bash
A bigger excerpt is here:
So NOW what?
* These entries for this user are gone from group and passwd
* DNS reverse lookup turns up NOTHING for 22.214.171.124
Do I really need to start over or is it possible to clean up this mess?
Expletives [*****************] here!
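Added example, not part of the original post: a small triage script for the kind of log lines quoted above. It flags creation of a uid 0 account, password logins to accounts created in the same log, sessions opened as that uid 0 account, and accounts created and then deleted. The function name triage and the severity labels are assumptions made for this example; the sample lines are taken from the excerpt in the post.

```python
import re

# Sample lines taken from the excerpt in the post (no syslog timestamp prefix there).
SAMPLE = """\
adduser: new user: name=liq, uid=521, gid=521, home=/home/liq, shell=/bin/bash
new user: name=liq1, uid=0, gid=522, home=/home/liq1, shell=/bin/bash
Accepted password for liq from 220.127.116.11 port 1214
PAM_unix: (system-auth) session opened for user liq1 by liq(uid=521)
adduser: new user: name=satan, uid=522, gid=523, home=/home/satan, shell=/bin/bash
userdel: delete user `satan'
""".splitlines()

NEW_USER = re.compile(r"new user: name=(?P<name>[^,\s]+), uid=(?P<uid>\d+)")
ACCEPTED = re.compile(r"Accepted \S+ for (?P<name>\S+) from (?P<ip>\S+)")
SESSION = re.compile(
    r"session opened for user (?P<target>\S+) by (?P<by>[^(\s]*)\(uid=(?P<uid>\d+)\)")
# Tolerates a missing space or opening quote before the user name.
DELETED = re.compile(r"delete user\s*[`']?(?P<name>[^'`\s]+)")


def triage(lines):
    """Return (severity, message) findings for account activity in log lines."""
    created, findings = {}, []
    for line in lines:
        if m := NEW_USER.search(line):
            name, uid = m["name"], int(m["uid"])
            created[name] = uid
            if uid == 0 and name != "root":
                findings.append(("critical", f"uid 0 account created: {name}"))
            else:
                findings.append(("warn", f"account created: {name} (uid {uid})"))
        elif m := ACCEPTED.search(line):
            if m["name"] in created:
                findings.append(
                    ("critical", f"login to new account {m['name']} from {m['ip']}"))
        elif m := SESSION.search(line):
            # A non-root user switching into an account that was created with uid 0.
            if created.get(m["target"]) == 0 and int(m["uid"]) != 0:
                findings.append(
                    ("critical", f"{m['by']} opened session as uid 0 account {m['target']}"))
        elif m := DELETED.search(line):
            if m["name"] in created:
                findings.append(("warn", f"account created then deleted: {m['name']}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(f"{severity:8} {message}")
```

The script only sees what is still in the log; entries removed from passwd and group, as described in the post, will not show up in a check of those files alone.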