Hi all,

sometimes I'm checking the status of my server with phpSysInfo; everything is always all right, but on May 8 I experienced a "big deviation". My machine was online for 12 days, but the net statistics were reset. I checked /proc/net/dev and the net statistics are reset there too. How is this possible?

Just before I experienced this problem I was updating two packages with yum (perl-HTML-Parser.i386 3.56-5.el5 and epel-release.noarch 5-3). There is nothing about it in /var/log/messages. On the same day someone attempted to log in to ssh (the attack was about 10 hours long, but it's impossible to break my server - I'm using a private key allowed only from my IP and only root is in AllowUsers) so I don't know how this is possible.

Thank you for your answers

On Sun, May 11, 2008 at 5:56 AM, happymaster23 <happymaster23 at gmail.com> wrote:
>
> Just before I experienced this problem I was updating two packages with
> yum (perl-HTML-Parser.i386 3.56-5.el5 and epel-release.noarch 5-3). There is
> nothing about it in /var/log/messages. On the same day someone attempted to
> log in to ssh (the attack was about 10 hours long, but it's impossible to break
> my server - I'm using a private key allowed only from my IP and only root
> is in AllowUsers) so I don't know how this is possible.

Network stats are based on a 32bit number if I recall. When you have passed enough traffic, that number will roll over and begin again. If you want to monitor traffic, phpsysinfo really isn't the way to do it. Use cacti or mrtg to poll the system periodically and record the stats. It takes into account network rollover.

--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell

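
The rollover described in the reply above, as an added example (not code from the thread or from phpSysInfo, cacti or mrtg): a poller that takes two /proc/net/dev samples and tells a counter rollover apart from a counter that was zeroed, which is the distinction the original question turns on. The 32-bit width follows the reply; the 60-second interval, the 100 Mbit/s ceiling, the sample data and all function names are assumptions made for the illustration.

```python
# Added example: wrap-aware deltas between two /proc/net/dev samples.
COUNTER_BITS = 32              # assumption: 32-bit counters, as the reply states
MODULUS = 1 << COUNTER_BITS
HEADER = (
    "Inter-|   Receive                            |  Transmit\n"
    " face |bytes packets errs drop fifo frame compressed multicast"
    "|bytes packets errs drop fifo colls carrier compressed\n"
)
# Constructed samples (not from the thread), taken 60 seconds apart.
SAMPLE_T0 = HEADER + (
    "    lo: 104200 812 0 0 0 0 0 0 104200 812 0 0 0 0 0 0\n"
    "  eth0:4294900000 9120311 0 0 0 0 0 0 1200000000 7003112 0 0 0 0 0 0\n"
    "  eth1:1200000000 500000 0 0 0 0 0 0 800000000 400000 0 0 0 0 0 0\n"
)
SAMPLE_T1 = HEADER + (
    "    lo: 104900 818 0 0 0 0 0 0 104900 818 0 0 0 0 0 0\n"
    "  eth0: 1932704 9121900 0 0 0 0 0 0 1200450000 7003500 0 0 0 0 0 0\n"
    "  eth1: 5000 12 0 0 0 0 0 0 3000 9 0 0 0 0 0 0\n"
)

def parse_proc_net_dev(text):
    """Map interface name -> (rx_bytes, tx_bytes)."""
    counters = {}
    for line in text.splitlines()[2:]:          # skip the two header lines
        if ":" not in line:
            continue
        name, _, rest = line.partition(":")     # works with or without a space
        fields = rest.split()
        counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters

def counter_delta(prev, cur, interval_s, max_bytes_per_s):
    """Return (delta, status); delta is None when the counter was reset."""
    if cur >= prev:
        return cur - prev, "ok"
    wrapped = (cur - prev) % MODULUS            # assume exactly one rollover
    # Heuristic: a delta the link could not have carried means the counter
    # was zeroed (reboot, driver reload), not rolled over.
    if wrapped <= max_bytes_per_s * interval_s:
        return wrapped, "wrapped"
    return None, "reset"

def diff_samples(t0, t1, interval_s=60, max_bytes_per_s=12_500_000):
    """Per-interface (rx, tx) deltas; 12.5 MB/s assumes a 100 Mbit/s link."""
    before, after = parse_proc_net_dev(t0), parse_proc_net_dev(t1)
    return {
        name: tuple(counter_delta(p, c, interval_s, max_bytes_per_s)
                    for p, c in zip(before[name], after[name]))
        for name in after if name in before
    }
```

A "reset" result on a host whose uptime shows no reboot is the case to follow up in the logs; the heuristic cannot separate a reset from a rollover when the previous value was already close to the 32-bit limit.
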
On Sun, May 11, 2008 at 5:56 AM, happymaster23 <happymaster23 at gmail.com> wrote:
> but it's impossible to break my server

These days it's very hard to state that. I would not bet any money on it. The only way to be really sure the server cannot be hacked is to disconnect the network cables (and maybe the power cables too!)

> I'm using a private key allowed only from my IP and only root
> is in AllowUsers) so I don't know how this is possible.

Consider using AllowUsers to a user other than root and then using "su" for extra protection. Also consider that if you tell someone exactly what security measures you are taking, that would help them come up with a strategy on how to attack you.

Filipe

on 5-11-2008 2:56 AM happymaster23 spake the following:
> Hi all,
>
> sometimes I'm checking the status of my server with phpSysInfo; everything is
> always all right, but on May 8 I experienced a "big deviation". My machine
> was online for 12 days, but the net statistics were reset. I checked
> /proc/net/dev and the net statistics are reset there too. How is this
> possible?
>
> Just before I experienced this problem I was updating two packages
> with yum (perl-HTML-Parser.i386 3.56-5.el5 and epel-release.noarch 5-3).
> There is nothing about it in /var/log/messages. On the same day someone
> attempted to log in to ssh (the attack was about 10 hours long, but it's
> impossible to break my server -

Keep fooling yourself. Difficult to break into -- maybe, but impossible -- I really doubt it. Every server can be broken into. Just some of them aren't worth the time it might take.

--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!