Thanks for the responses. I never know about the command "last". Very
cool. I've already found out most of what I needed. It was some guy over
in Russia. Those punks! :-) He left some cool utilz on the hard drive
for me though. A login replacement that logs all usernames and passwords
and a in.ftpd replacement. That's how he got in in the first place. I
was running wu-ftpd 2.5.x... I already know there's tons of documented
exploits with that verison. I've just upgraded to wu-ftpd 2.6 so that
should slow 'em down a little bit.
Don
On 26 Sep 2000, Bill Warner wrote:
> This information is located in the /etc/shadow file. it is refrenced
> in the standard unix time thing (seconds sense jan 1 1970) check
> man shadow for more details
>
> Bill Warner
>
> > Hey guys.
> > At login I get a printout of when the last login occured. Where
> > is that info stored? I want to check out a user on the system but
> > don't want to log in as them. One of the machines I work with had the
> > root account compromised. It's just running a few mushes so it's not that
> > big of deal but I don't want it happening again. I went through it with a
> > fine tooth comb and wouldn't mind it if any of you guys tried to whack at
> > it... Lemme know what you find. The IP is 205.216.140.17
> >
> > Don
> >
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> >
> > Plug-discuss mailing list - Plug-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
>
>
>
(text/plain)