I'm sure nobody here is dumb enough to do this, but since I was, thought I'd
pass the word.
There is an ssh attack going around with a brute force login using 2187
different username/password pairs, one such pair happens to be:
mythtv:mythtv
Likle I said, I'm sure noone else but me thought that was a good idea :-) Once
in they must ahve found some app to exploit and get root, then it starts
scanning addresses - to propogate I guess. There are some indications that
cupsys may have been the culprit there. Anyway, just a heads up, it manifests
itself with several sshf processes running (78 in my case) and lots of failed
login attempts in /var/log/auth.log*
--Darren
_______________________________________________
mythtv-users mailing list
[email protected]
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
