On Fri, 30 Dec 2011, Taz <taz.ins...@gmail.com> wrote:
> Of course, I've double changed all passwords and regenerated ssh keys.

Are the SSH and PAM settings doing what you think? I suggest carefully examining the contents of /etc to see what has been changed from the default.

A new sshd vulnerability that allows remote access would be worth a lot of money; it would initially only be used on the most important systems, and people who use it would be careful not to reveal what they have. When an exploit that is used by attackers becomes known and gets fixed, the people who were using it lose money. If there was a hole in sshd, would your server be important enough to justify the risk? Also, would they use and risk a valuable sshd exploit on a mere spam-bot?

http://etbe.coker.com.au/2011/12/31/server-cracked/

As an aside, the above blog post has information on how one of my servers was cracked. It could be the same way that yours was.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

Archive: http://lists.debian.org/201112311314.38787.russ...@coker.com.au
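
One way to act on the suggestion above to check whether the SSH settings are what you think (an added example, not part of the original message): compare the effective sshd settings, in the `keyword value` form that `sshd -T` prints, against a baseline you expect. The baseline values and the sample input are constructed assumptions, not Debian's defaults.

```shell
#!/bin/sh
# Compare effective sshd settings against an expected baseline.
# Input format matches `sshd -T` output: lowercase keyword, space, value.

# Constructed baseline: the values this admin expects (an assumption).
baseline() {
cat <<'EOF'
permitrootlogin no
passwordauthentication no
permitemptypasswords no
usepam yes
authorizedkeysfile .ssh/authorized_keys
EOF
}

# Constructed sample standing in for `sshd -T` output on a real host.
sample_effective() {
cat <<'EOF'
port 22
permitrootlogin yes
passwordauthentication no
permitemptypasswords no
usepam yes
authorizedkeysfile .ssh/authorized_keys /etc/ssh/keys/%u
EOF
}

# audit_sshd: read effective settings on stdin, print one line per deviation.
audit_sshd() {
    eff=$(cat)
    baseline | while read -r key want; do
        # Take everything after the keyword as the value (it may contain spaces).
        got=$(printf '%s\n' "$eff" |
              awk -v k="$key" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }')
        if [ -z "$got" ]; then
            echo "MISSING $key (expected: $want)"
        elif [ "$got" != "$want" ]; then
            echo "CHANGED $key: expected '$want', found '$got'"
        fi
    done
}

# On a live Debian host (as root): sshd -T | audit_sshd
# and `debsums -ce` lists packaged conffiles under /etc that differ from the shipped version.
sample_effective | audit_sshd
```

An extra `authorizedkeysfile` path or a re-enabled root login shows up here even when passwords and keys have been changed, which is the kind of leftover the question above is aimed at.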