Using system logs on CentOS to check whether a server has been compromised

888u

Last updated: 2023-12-29, edited by 888u

I have been under attack by SNY for some time recently, so I logged in over SSH to see whether the VPS host had been invaded. This can be checked after the fact through the system logs. Of course, this website runs on CentOS!

On Linux, check the /var/log/wtmp file for logins from suspicious IPs

Command: last -f /var/log/wtmp

The last command reads this file and displays login records in reverse chronological order, most recent first. It can also filter the records by user, terminal (tty) or time. The wtmp file permanently records each user's login and logout, as well as system startup and shutdown events. As a result, the file grows as system uptime increases, and how fast it grows depends on how often users log in to the system.

If your VPS host has been in use for a long time, it is recommended to check whether any suspicious IP has logged in. If you find an IP that is not your own and not from your friend's area, the password may have been cracked. In that case, change the password of the VPS host or server immediately!
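
One way to apply the check described above, as an added example that is not part of the original post: a shell function that reads last output and reports logins from IPs outside a list you trust. The sample records and the allowlist are constructed, and the -i option (show numeric IPs instead of hostnames) is an addition to the page's command.

```sh
#!/bin/sh
# Added example: summarise remote logins from `last -i` output and flag
# source IPs that are not on a known-good list.

# flag_unknown_logins "IP1 IP2 ..."
# Reads `last -i` style records on stdin. The argument is a space-separated
# allowlist of IPv4 addresses you expect to see. Prints "count user ip" for
# every (user, ip) pair that is not allowlisted, most frequent first.
flag_unknown_logins() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Field 3 is the source address. Keep IPv4 only: this skips reboot
        # records and the trailing "wtmp begins" line. 0.0.0.0 is what
        # `last -i` prints for local console logins, so skip that too.
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $3 != "0.0.0.0" && !($3 in ok) {
            seen[$1 " " $3]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample in the layout `last -i` prints (documentation IP ranges).
sample_last_output() {
    cat <<'EOF'
root     pts/0        203.0.113.45     Fri Dec 29 03:12   still logged in
root     pts/2        203.0.113.45     Fri Dec 29 02:58 - 03:10  (00:12)
admin    pts/1        198.51.100.7     Thu Dec 28 21:40 - 22:05  (00:25)
root     pts/0        192.0.2.10       Thu Dec 28 09:01 - 09:30  (00:29)
root     tty1         0.0.0.0          Wed Dec 27 08:02 - 08:10  (00:08)
reboot   system boot  0.0.0.0          Wed Dec 27 08:00 - 03:15 (1+19:15)

wtmp begins Wed Dec 27 08:00:12 2023
EOF
}

# 192.0.2.10 stands in for your own address (assumption for this example).
sample_last_output | flag_unknown_logins "192.0.2.10"
```

On a real host, replace the sample with: last -i -f /var/log/wtmp | flag_unknown_logins "your.ip.here". An empty result is not proof of a clean system, because an intruder with root access can edit wtmp.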

All copyrights belong to 888u unless otherwise stated.