* s. keeling <[EMAIL PROTECTED]> [2004-07-22 22:03]:
> Incoming from Paul Stolp:
> > I checked in on some bittorrent progress today at lunch, noticed my
> > process monitor showing full activity. Ran top, saw user "guest" logged
> > on, running 4 instances of a program named "t", and short term load
> > average over 4. AARRRRGGGHHH!
> > shutdown -h now !
> > pull network cable
> > reboot
> > look for damage, whew, I was O.K. -- I'm sure it helps to be up to date
> ...................^^^^^^^^^^^^^^^^
>
> How did you manage to verify that? Are you running chkrootkit?
> tripwire? Something else?

chkrootkit, plus verification of md5sums of certain binaries.

>
> (0) keeling /home/keeling_ host smenlove.home.ro
> smenlove.home.ro A 81.196.20.133
>
> (0) keeling /home/keeling_ ripe 81.196.20.133
> inetnum: 81.196.20.128 - 81.196.20.159
> netname: RO-RDS-HOME-RO
> descr: Home.RO / Go.RO
> country: RO
> admin-c: HAD6-RIPE
> tech-c: HAD6-RIPE
> status: ASSIGNED PA
> remarks: INFRA-AW
> remarks: +-----------------------------------------------------------+
> remarks: | ABUSE CONTACT: [EMAIL PROTECTED] IN CASE OF HACK ATTACKS, |
> remarks: | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. |
> remarks: +-----------------------------------------------------------+
> ...
> Reported.
>
> > Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from
> > 156.17.99.11
> > port 37228 ssh2
> > Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user
> > guest by (
> > uid=0)
> ...^^^^^
>

maybe I'm missing something, but isn't that how sshd works? That's what I get logging in from my usual account...

> > Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from
> > 80.110.102.105 port 3938 ssh2
> > Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user
> > guest by (uid=0)
> > Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure; ^^^^^^^
> > logname=guest uid=1002 euid=0 tty= ruser=
> .........................^^^^^^
> >
> > Just wanted to share the need for strong passwords.
>
> Not to mention backups and fresh installation media?
>

You better believe it!
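
The checks a reader could run over the log lines quoted in this thread, as an added example that is not part of any poster's message: it flags password logins to generic accounts, password logins to one account from several addresses, and failed `passwd` attempts by such an account. The function name `review` and the list of generic account names are assumptions; the sample input is the thread's own log lines with the e-mail wrapping undone.

```python
import re
from collections import defaultdict

# Log lines quoted in the thread, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from 156.17.99.11 port 37228 ssh2
Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user guest by (uid=0)
Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from 80.110.102.105 port 3938 ssh2
Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user guest by (uid=0)
Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure; logname=guest uid=1002 euid=0 tty= ruser=
"""

ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted password for (?P<user>\S+) from (?P<ip>\S+) port \d+")
PASSWD_FAIL = re.compile(
    r"passwd\[\d+\]: \(pam_unix\) authentication failure; logname=(?P<user>\S*)")

# Assumption: account names that should never log in remotely with a password.
GENERIC_ACCOUNTS = {"guest", "test", "demo"}


def review(log_text, generic=GENERIC_ACCOUNTS):
    """Return a sorted list of (user, finding) tuples worth a human look."""
    sources = defaultdict(set)        # user -> source IPs of password logins
    passwd_failures = defaultdict(int)  # user -> failed passwd invocations
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            sources[m["user"]].add(m["ip"])
            continue
        m = PASSWD_FAIL.search(line)
        if m:
            passwd_failures[m["user"]] += 1

    findings = []
    for user, ips in sources.items():
        if user in generic:
            findings.append((user, "password login to generic account"))
        if len(ips) > 1:
            findings.append((user, "password logins from %d addresses: %s"
                             % (len(ips), ", ".join(sorted(ips)))))
        if passwd_failures.get(user):
            findings.append((user, "failed passwd by account with SSH password logins"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in review(SAMPLE_LOG):
        print(user, "-", finding)
```

The `session opened ... by (uid=0)` lines are deliberately not flagged: sshd opens the PAM session as root for every login.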