[...]

> scripts trying to "brute-force" usernames and passwords do exist
As that's potentially useful information: So far, I've encountered two systems which were successfully 'broken into' (sort of) by automated ssh scanners (term). In both cases, this happened because of an accidentally exposed special purpose non-root account.

Once, someone was so prudent as to create a test account with a username of test and password test and never deleted that. This was discovered months after the fact and after access had accidentally been cut off by restricting ssh logins to members of a certain group.

The second time was with an account created for one-time ftp upload of something (using upload/upload) which had ssh access and had accidentally been left active after the upload happened. It was my fault this time and my 'workstation' (at that time) thus got broken into. I noticed this shortly afterwards because nearly all available CPU time and bandwidth got eaten by ssh scanning processes now running on this machine.

In both cases, this was a fully automated procedure: brute-force an account, download the scanning software from the 'attacking' computer, install it below /var/tmp and start it on the new computer. No humans were ever involved. This is really some kind of primitive 'internet vermin' someone set loose at some point in time and since then, it's alive and replicates itself as well as it can.

_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
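An audit matching the two incidents above, added here as an example and not part of the original post: it lists the accounts that have a login shell and shows which of them a group restriction on ssh logins would still admit. It assumes the restriction is sshd's `AllowGroups`; the group name `sshusers`, the function names and the passwd/group sample data are constructed for illustration.

```python
# Added example: which login-capable accounts does an ssh group restriction admit?
NOLOGIN = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample data in /etc/passwd and /etc/group format.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
test:x:1001:1001::/home/test:/bin/bash
upload:x:1002:1002:one-time ftp upload:/home/upload:/bin/sh
"""
GROUP = """\
root:x:0:
daemon:x:1:
alice:x:1000:
test:x:1001:
upload:x:1002:
sshusers:x:2000:alice
"""

def parse_groups(group_text):
    """Return {group name: (gid, set of supplementary members)}."""
    groups = {}
    for line in group_text.splitlines():
        if line and not line.startswith("#"):
            name, _pw, gid, members = line.split(":")
            groups[name] = (int(gid), set(filter(None, members.split(","))))
    return groups

def login_accounts(passwd_text):
    """Yield (user, primary gid) for accounts whose shell allows a login."""
    for line in passwd_text.splitlines():
        if line and not line.startswith("#"):
            user, _pw, _uid, gid, _gecos, _home, shell = line.split(":")
            if shell not in NOLOGIN:  # an empty shell field means /bin/sh
                yield user, int(gid)

def audit(passwd_text, group_text, allowed_group):
    """Split login-capable accounts into (admitted, blocked) for AllowGroups."""
    gid, members = parse_groups(group_text)[allowed_group]
    admitted, blocked = [], []
    for user, primary in login_accounts(passwd_text):
        # AllowGroups matches the primary group or any supplementary group.
        (admitted if primary == gid or user in members else blocked).append(user)
    return admitted, blocked

if __name__ == "__main__":
    admitted, blocked = audit(PASSWD, GROUP, "sshusers")
    print("still reachable over ssh:", admitted)
    print("cut off by the group restriction:", blocked)
```

Every name in the blocked list is an account that was reachable over ssh before the restriction, which is how a forgotten `test` or `upload` account shows up in review.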
