Hacked? Or Not
May 9, 2007I have a new server and I have hardened it with csf+lfd. It's about 65/70 in the cfs score.
This morning, I noted that lfd log sent me an email saying there is a SSH login via 207.210.233.128 on 10th May 2007. I am not sure whether it was a successful login or not?
Here is the output:
=================
Time: Thu May 10 01:31:52 2007IP: 207.210.233.128 (Unknown)Account: rootMethod: password authentication
========================
I know for sure that I did not login my SSH yesterday.
However, when I logged in SSH this morning, it says in telnet that my last login was from my own home computer's IP, so from that it looks like no one else has logged in SSH since last time I logged in myself.
Was my server intruded or was lfd just playing up?