Hosting Discussion
  Post #1 (permalink)   10-27-2009, 09:36 PM
HD Newbie
 
Join Date: Nov 2008
Posts: 25

Status: lenovohost is offline
Hi

Can anyone tell me what exactly this means? I have searched a lot but have not found a correct answer.

Quote:
24513 root 19 0.0 0.0 sshd: username [priv]
24546 username 19 0.0 0.0 sshd: username@notty

22814 username 19 0.0 0.0 sshd: username

24548 root 19 0.0 0.0 jailshell (username) [24557] ell -c /usr/libexec/openssh/sftp-server

24557 username 19 0.0 0.0 /usr/libexec/openssh/sftp-server
Is this hacking?

Can anyone help me?

I have some logs from the command

grep -i ssh /var/log/messages
Quote:
Oct 11 16:57:04 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101101
Oct 11 16:57:04 Core2Quad named[3412]: zone domain.com/IN/external: loaded serial 2009101101
Oct 11 16:57:04 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101101)
Oct 11 16:57:04 Core2Quad named[3412]: zone domain.com/IN/external: sending notifies (serial 2009101101)
Oct 11 16:57:06 Core2Quad named[3412]: zone domain.com/IN/external: loaded serial 2009101102
Oct 11 16:57:06 Core2Quad named[3412]: zone domain.com/IN/external: sending notifies (serial 2009101102)
Oct 11 16:57:06 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101102
Oct 11 16:57:06 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101102)
Oct 11 20:25:07 Core2Quad named[3412]: zone domain.com/IN/external: loaded serial 2009101103
Oct 11 20:25:07 Core2Quad named[3412]: zone domain.com/IN/external: sending notifies (serial 2009101103)
Oct 11 20:25:07 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101103
Oct 11 20:25:07 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101103)
Oct 11 20:38:08 Core2Quad named[3412]: zone domain.com/IN/external: loaded serial 2009101104
Oct 11 20:38:08 Core2Quad named[3412]: zone domain.com/IN/external: sending notifies (serial 2009101104)
Oct 11 20:38:08 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101104
Oct 11 20:38:08 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101104)
Oct 11 20:39:07 Core2Quad named[3412]: zone domain.com/IN/external: loaded serial 2009101105
Oct 11 20:39:07 Core2Quad named[3412]: zone domain.com/IN/external: sending notifies (serial 2009101105)
Oct 11 20:39:07 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101105
Oct 11 20:39:07 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101105)
Oct 11 20:47:03 Core2Quad named[3412]: zone domain.com/IN/external: loaded serial 2009101106
Oct 11 20:47:03 Core2Quad named[3412]: zone domain.com/IN/external: sending notifies (serial 2009101106)
Oct 11 20:47:03 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101106
Oct 11 20:47:03 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101106)
Oct 11 20:49:22 Core2Quad named[3412]: zone domain.com/IN/external: loaded serial 2009101107
Oct 11 20:49:22 Core2Quad named[3412]: zone domain.com/IN/external: sending notifies (serial 2009101107)
Oct 11 20:49:22 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101107
Oct 11 20:49:22 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101107)
Oct 11 21:04:33 Core2Quad named[3412]: zone domain.com/IN/external: loaded serial 2009101108
Oct 11 21:04:33 Core2Quad named[3412]: zone domain.com/IN/external: sending notifies (serial 2009101108)
Oct 11 21:04:33 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101108
Oct 11 21:04:33 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101108)
Oct 11 21:06:45 Core2Quad named[3412]: zone domain.com/IN/external: loaded serial 2009101109
Oct 11 21:06:45 Core2Quad named[3412]: zone domain.com/IN/external: sending notifies (serial 2009101109)
Oct 11 21:06:45 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101109
Oct 11 21:06:45 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101109)
Oct 11 22:00:15 Core2Quad named[3412]: zone domain.com/IN/external: loaded serial 2009101110
Oct 11 22:00:15 Core2Quad named[3412]: zone domain.com/IN/external: sending notifies (serial 2009101110)
Oct 11 22:00:15 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101110
Oct 11 22:00:15 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101110)
__________________
LENOVOhost Network Solutions, designs the technology of Tomorrow
RVSkins, Fantastico, 24/7 Support, FFMPEG, SLA Uptime, Daily Backups, End-User Support & More
Support Desk Software | Sales, Billing & Tech End-user Support | Hosting Templates
 
 
 


  Post #2 (permalink)   10-27-2009, 10:29 PM
HD Wizard
 
Join Date: Mar 2005
Location: Atlanta, GA
Posts: 2,264

Status: handsonhosting is offline
Do you shell into the system? If so, then it could be reporting you as the shell login.

From the looks of your first quoted area, you have JailShell enabled on your server. If that's the case, then a user can be shelling into their account.

24548 root 19 0.0 0.0 jailshell (username) [24557] ell -c /usr/libexec/openssh/sftp-server

This relates to sFTP - a process where a user uses FTP over SSH to upload files to the server.

You really need to contact the hosting company regarding this for final decisions - they will be able to assist you - if not, you need to find a new host.
__________________
Emerson Nogueira
http://www.HandsOnWebHosting.com
cPanel Web Hosting, Domain Registration, Managed VPS Servers
 
 
 


  Post #3 (permalink)   10-28-2009, 08:42 AM
HD Newbie
 
Join Date: Nov 2008
Posts: 25

Status: lenovohost is offline
Yes, we have the shell. We have disabled the login of the user for shell.

Quote:
24513 root 19 0.0 0.0 sshd: username [priv]
24546 username 19 0.0 0.0 sshd: username@notty
Even though I have disabled the shell access, I am getting the message.
 
 
 


  Post #4 (permalink)   10-28-2009, 11:06 AM
HD Wizard
 
Join Date: Mar 2005
Location: Atlanta, GA
Posts: 2,264

Status: handsonhosting is offline
Is the username one of your accounts?

Have you disabled sFTP on your server? The other error definitely had jailshell listed, and that's shell access for users. If you believe you've disabled shell and you're still getting that notice, then it's not disabled.
 
 
 


  Post #5 (permalink)   10-28-2009, 06:48 PM
HD Newbie
 
Join Date: Nov 2008
Posts: 25

Status: lenovohost is offline
Quote:
Originally Posted by handsonhosting
Is the username one of your accounts?

Have you disabled sFTP on your server? The other error definitely had jailshell listed, and that's shell access for users. If you believe you've disabled shell and you're still getting that notice, then it's not disabled.

Yes, it is one of the account holders, and sFTP is not disabled.
 
 
 


  Post #6 (permalink)   10-28-2009, 09:10 PM
HD Newbie
 
Join Date: May 2009
Location: Chicago
Posts: 47

Status: charlier is offline
The first I imagine is your process table you are showing us. It just looks like you have a user or two running stuff over ssh.

Quote:
24513 root 19 0.0 0.0 sshd: username [priv]
24546 username 19 0.0 0.0 sshd: username@notty
22814 username 19 0.0 0.0 sshd: username
24548 root 19 0.0 0.0 jailshell (username) [24557] ell -c /usr/libexec/openssh/sftp-server
24557 username 19 0.0 0.0 /usr/libexec/openssh/sftp-server
This looks like it's just users securely transferring over files, not a bad thing.

Quote:
Oct 11 22:00:15 Core2Quad named[3412]: zone domain.com/IN/internal: loaded serial 2009101110
Oct 11 22:00:15 Core2Quad named[3412]: zone domain.com/IN/internal: sending notifies (serial 2009101110)
This looks like it's just your dns syncing. Named is your dns server.

You look fine at first glance.
__________________
NodeHideout.com | Cpanel Shared & Reseller Hosting | DNS Registration | SSL Certs
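
A triage sketch for the process rows discussed in this thread, added here as an example and not written by any poster: it reads rows in the thread's column layout and separates an SFTP transfer (an `sshd: user@notty` session with an `sftp-server` child) from an interactive terminal login and from a no-tty session with no `sftp-server`. The account names, the sample rows and the verdict wording are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample rows (made-up accounts); columns: PID USER PRI CPU MEM COMMAND.
SAMPLE = """\
24513 root 19 0.0 0.0 sshd: alice [priv]
24546 alice 19 0.0 0.0 sshd: alice@notty
24557 alice 19 0.0 0.0 /usr/libexec/openssh/sftp-server
30101 root 19 0.0 0.0 sshd: bob [priv]
30110 bob 19 0.0 0.0 sshd: bob@pts/2
31200 root 19 0.0 0.0 sshd: carol [priv]
31207 carol 19 0.0 0.0 sshd: carol@notty
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s+(.*)$")
# Process titles OpenSSH sets when privilege separation is in use.
TITLES = [
    (re.compile(r"^sshd: (\S+) \[priv\]$"), "monitor"),        # root-owned parent
    (re.compile(r"^sshd: (\S+)@notty$"), "no-tty"),            # session without a terminal
    (re.compile(r"^sshd: (\S+)@(?:pts/\d+|tty\S+)$"), "tty"),  # interactive terminal
    (re.compile(r"^(?:\S*/)?sftp-server\b"), "sftp"),          # SFTP subsystem binary
]

def classify(line):
    """Return (pid, account, role); sftp-server rows use the owner as account."""
    row = ROW.match(line.strip())
    if not row:
        return None
    pid, owner, cmd = int(row.group(1)), row.group(2), row.group(3)
    for pattern, role in TITLES:
        hit = pattern.match(cmd)
        if hit:
            return pid, (hit.group(1) if pattern.groups else owner), role
    return pid, owner, "other"

def verdict(seen):
    if "tty" in seen:
        return "interactive shell"
    if {"no-tty", "sftp"} <= seen:
        return "sftp transfer"
    return "no tty, no sftp-server: review" if "no-tty" in seen else "incomplete listing"

def summarize(table):
    """Map each account that shows SSH activity to a triage verdict."""
    roles = defaultdict(set)
    for pid, account, role in filter(None, map(classify, table.splitlines())):
        if role != "other":
            roles[account].add(role)
    return {account: verdict(seen) for account, seen in roles.items()}
```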
 
 
 


  Post #7 (permalink)   10-30-2009, 01:34 AM
HD Newbie
 
Join Date: Nov 2008
Posts: 25

Status: lenovohost is offline
That's fine. Thanks for the clarification.
 
 
 


  Post #8 (permalink)   01-18-2010, 02:17 AM
HD Newbie
 
Join Date: Jul 2009
Posts: 36

Status: BobyKirov is offline
Don't worry, it is not a hacking attempt; it's from your DNS server.
__________________
Affordable Web Hosting
Web Hosting Blog
 
 
 