When logging into Webmin from my remote laptop browser I entered my password into the "User" text box by accident. In the past, if I ever enter a password in cleartext anywhere, I create a new password. I don't want to do that if I can help it…
I just assembled and setup a server running UbuntuServer 12.04. I'm the only root user. I haven't even added other users, but plan to do so in the near future for guest access.
I looked inside /var/log/auth.log and can see:
Dec 13 17:09:07 glados webmin[4765]: Invalid login as from 12.34.56.78
Dec 13 17:09:11 glados perl[4766]: pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty=10000 ruser= rhost=12.34.56.78 user=root
Dec 13 17:09:13 glados webmin[4766]: Invalid login as root from 12.34.56.78
Dec 13 17:09:17 glados perl[4775]: pam_unix(webmin:auth): authentication failure; logname= uid=0 euid=0 tty=10000 ruser= rhost=12.34.56.78 user=root
The bolded text above doesn't show the login name, if I am interpreting this log file correctly. I included another failed login attempt (17:09:13) which shows that root tried logging in. Is there another location that would contain more logs?
This is my first time setting up a server, I'd appreciate any help. Thank you.
~~~~~~~~~~~~~~~~~~
Edit:
I played around with the login system… I tried logging in as non-existent user "shirley" and the log showed a failed attempt by "shirley". Is the program smart enough to not log the password as a username? I ran cat auth.log | grep part_of_my_password and couldn't find anything. I'm thinking I'm clear… unless there is another logging location.
Best Answer
If you have apache2 running on the system, check /var/log/apache2/access.log ? I usually get ping records from that log and it was beneficial for me.
People would would "generally" able to access your host would be port :80 :443 :21 :20 :22, I believe. So, check your http engine log (like apache2); ftp access log; and syslog/ssh. Maybe that direction would give you more insight in find out about unauthorized attempts.