Looking at the system logs for my fedora box and…
May 14 05:01:01 server crond(pam_unix)[9387]: session opened for user root by (uid=0)
May 14 05:01:01 server crond(pam_unix)[9387]: session closed for user root
May 14 06:01:01 server crond(pam_unix)[9397]: session opened for user root by (uid=0)
May 14 06:01:01 server crond(pam_unix)[9397]: session closed for user root
May 14 07:01:01 server crond(pam_unix)[9407]: session opened for user root by (uid=0)
May 14 07:01:01 server crond(pam_unix)[9407]: session closed for user root
May 14 07:21:01 server gdm(pam_unix)[9417]: bad username []
May 14 07:21:02 server gdm-binary[9417]: Couldn't authenticate user
May 14 07:21:07 server gdm(pam_unix)[9417]: bad username []
May 14 07:21:08 server gdm-binary[9417]: Couldn't authenticate user
May 14 07:21:12 server gdm(pam_unix)[9417]: bad username [%systemroot%\system32\cmd.exe]
So somebody or a script of some kind is trying to log onto it (it happens alot actually if i look back)
Doesn’t look like they are getting on and there is little i can do to shield the machine as i use vnc to get into it too, should i worry ?