To preface this, I have been noticing a lot of attempts to log in from China. I have been looking into ways to block an IP after a certain amount of invalid attempts or just block China altogether. Also to preface, I was not awake at 8am this morning.
Found a file .ssh and within is a file called known_hosts:
18.104.22.168 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsLW3V2jo1SGiVZMLam2Z2/7TK3LhGuFW1gkZMdQbun0OkfH7hS4fiBbiEfHLkxnYZMmrxUhB5wBky4JuYnG3634HdxCcrz6l+yBS0YBcg+y9flVopaaW1xHA36dlVhzK62dnAFf1OO3pDlZv/ukMKP5WPoYaacsMGalYQUHFZUR/vVY+yqgb+bDj0Z0tXOBTUhuER/vYN54S77orZxMaCekWVvu5EqqApFx052zM5I+4dX8C01F0e4S/mqakru4VMpDe2AWoKaukfYWWQ4J81kAgjDbTBIJnYVcp5Tz8Kugy5NQdLZvrUFV00dxxv+VpoLPwKuYwqBwSPWTZ7GD91Q==
The IP address is a Chinese one, does this mean they got access? So I go check other logs.
… log too big to post… here is link to dl if interested
Jul 24 08:09:50 SHATTERED sshd: Accepted keyboard-interactive/pam for root from 192.168.1.135 port 1611 ssh2
The IP address listed is that of my laptop, but like I said I was not awake and the laptop was on my desk in my room.
Also if you read through the entire log you can see that routes were added and then my firewall was disabled (and it looks like they could have even restarted the box).
So after noticing this I turn off the box as I had to give my roommate a ride to work, come back and turn it on and it won't boot up. Turned on the monitor and it's just a black screen. Restart again. Now in GRUB there are the usual SUSE Linux and Failsafe options, but now there is also
I tried to boot them to see if anything would come up and it looks like VMware booting, but then says no boot disk… I do not have VMware installed and those options were never there…
The server will not boot unless booted in failsafe mode.
I'm pretty sure I know the answer but, have I been hacked? And if so, why does it look like my laptop gained access and not some internet IP?
Also, some of the IPs in the log I ran a whois on, and it returns black hole.
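
An added example, not part of the original post: a small Python triage of sshd auth lines in the format quoted above, counting failed attempts per source IP and listing accepted logins together with whether the source is an RFC 1918 address. Every sample log line except the last is constructed, and the function names and the threshold of 3 are assumptions.

```python
import ipaddress
import re
from collections import Counter

# OpenSSH auth result lines, with or without a [pid] after "sshd".
AUTH_RE = re.compile(
    r"sshd(?:\[\d+\])?: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample input; only the last line is taken from the post.
SAMPLE_LOG = """\
Jul 24 07:58:01 SHATTERED sshd: Failed password for root from 203.0.113.7 port 4242 ssh2
Jul 24 07:58:04 SHATTERED sshd: Failed password for invalid user admin from 203.0.113.7 port 4243 ssh2
Jul 24 07:58:09 SHATTERED sshd: Failed password for root from 203.0.113.7 port 4244 ssh2
Jul 24 08:00:00 SHATTERED cron: constructed unrelated line
Jul 24 08:01:30 SHATTERED sshd: Failed password for root from 198.51.100.23 port 5151 ssh2
Jul 24 08:09:50 SHATTERED sshd: Accepted keyboard-interactive/pam for root from 192.168.1.135 port 1611 ssh2
""".splitlines()

def is_rfc1918(ip):
    """True if ip is a private IPv4 address (10/8, 172.16/12, 192.168/16)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # a hostname was logged instead of an address
        return False
    return any(addr in net for net in RFC1918)

def triage(lines, threshold=3):
    """Count failures per source IP and collect every accepted login."""
    failures, accepted = Counter(), []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
            continue
        accepted.append({
            "when": line[:15], "user": m["user"], "method": m["method"],
            "ip": m["ip"], "internal": is_rfc1918(m["ip"]),
            "prior_failures": failures[m["ip"]]})
    candidates = sorted(ip for ip, n in failures.items() if n >= threshold)
    return {"failures": failures, "accepted": accepted,
            "block_candidates": candidates}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["block_candidates"], report["accepted"])
```
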