进程里多了个1007用户的进程，怎么回事啊！

sszy1 · 发表于 2010-6-27 00:32:58

刚去看了下，发现多了个1007这个用户的进程，我装的是kloxo的。我自己没加多这个用户啊。而且vps我都是用来SSH反强的，没其他什么用途。是不是被人入侵了啊？靠。

deak17 · 发表于 2010-6-27 00:59:32

也是登录SSH，去用户管理看下，有没有这个用户

sanp · 发表于 2010-6-27 01:03:04

我刚进了一个人的VPS
不过是windows vps, 应该不是楼主的
密码居然是123456
看了一下没什么有价值的东西就退了出来了

啊猪同学 · 发表于 2010-6-27 01:20:44

~!额

鸿星尔克 · 发表于 2010-6-27 08:15:12

PM我你的SSH，我帮你看看。

霸武邪皇 · 发表于 2010-6-27 08:20:10

vi /var/log/secure

复制代码

看看日志

sszy1 · 发表于 2010-6-27 10:25:50

原帖由 霸武邪皇 于 2010-6-27 08:20 发表
vi /var/log/secure看看日志

看了日志都是这个，不会看。。我自己没创建过这个1007用户的，我到面板看也没有这个用户，怎么回事呢。

Jun 27 03:36:07 ssh sshd[19746]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:36:08 ssh sshd[20180]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:15 ssh sshd[21737]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:16 ssh sshd[21738]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:36:20 ssh sshd[21739]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:21 ssh sshd[21741]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:25 ssh sshd[21743]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:36:28 ssh sshd[21745]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:33 ssh sshd[21756]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:36:34 ssh sshd[21760]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:39 ssh sshd[21764]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:41 ssh sshd[21770]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:42 ssh sshd[21774]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:36:48 ssh sshd[21786]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:50 ssh sshd[21792]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:36:54 ssh sshd[21816]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:56 ssh sshd[24490]: pam_unix(sshd:session): session closed for user www.fanqiang.cc
Jun 27 03:36:58 ssh sshd[21842]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:36:58 ssh sshd[21845]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:37:01 ssh sshd[21863]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:07 ssh sshd[21871]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:07 ssh sshd[21873]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:37:14 ssh sshd[21883]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:15 ssh sshd[21884]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:37:17 ssh sshd[21885]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:21 ssh sshd[21892]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:24 ssh sshd[21898]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:37:26 ssh sshd[21900]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:31 ssh sshd[21916]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:37:33 ssh sshd[21918]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:36 ssh sshd[21919]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:40 ssh sshd[21921]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:37:41 ssh sshd[21924]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:45 ssh sshd[21929]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:48 ssh sshd[21931]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:37:53 ssh sshd[21939]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:55 ssh sshd[21941]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:37:57 ssh sshd[21942]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:38:00 ssh sshd[21952]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:38:05 ssh sshd[22013]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:38:05 ssh sshd[22014]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)
Jun 27 03:38:13 ssh sshd[22035]: refused connect from ::ffff:58.41.2.138 (::ffff:58.41.2.138)
Jun 27 03:38:14 ssh sshd[22039]: refused connect from ::ffff:117.81.236.79 (::ffff:117.81.236.79)

server · 发表于 2010-6-27 13:26:58

kill 1007
userdel -r 1007

		自动登录	找回密码
密码			注册

[疑问] 进程里多了个1007用户的进程，怎么回事啊！

回复 3# 的帖子

评分