On 4/29/05, Jack quiet_celt@yahoo.com wrote:
I forgot to mention that somehow these attackers are using two real accounts on the machine. Perhaps one or more of the attackers was the previous attacker. Or possibly, they got the user id from my mail server. I had a configuration that I forgot to shut off that would respond to requests for user mail accounts. That's been turned off. I may consider deleting those accounts and creating new ones.
So by "real accounts" you mean an email account on the mail server? Or do you mean a shell account? And how are they trying to "break in"? ssh? Is this box up-to-date, with no missed security patches? And is this box behind a firewall with the mail port forwarded to it?