danilotaveira at uol
Feb 12, 2005, 5:59 PM
Hi, one of my servers has been compromised. The person who did it changed
the ssh binary to log every ssh attempt to /usr/local/doc/.sh.
On this file each attempt is recorded in this way:
Is it some known exploit or it is a special ssh version compiled by the