My first thought was, "Oh damn, how do I determine if I have been compromised?"
My second thought was, "Why bother, I've surely been rooted by now."
My third thought was, "Wait a minute, I'm reading this on an unpatched Win2k machine that has been up for 3 months now. Oh yeah, my router must be doing its job."
Thank God for $50 hardware firewalls, because I wouldn't bother owning a computer if I had to keep iptables and a Windows firewall up to date.
That said, this was probably all an elaborate phishing attack which succeeded in getting me to admit there is a mythtv/mythtv account on my myth box.
On 12/29/05, Darren Hart <[EMAIL PROTECTED]> wrote:
I'm sure nobody here is dumb enough to do this, but since I was, thought I'd
pass the word.
There is an ssh attack going around with a brute force login using 2187
different username/password pairs, one such pair happens to be:
mythtv:mythtv
Like I said, I'm sure no one else but me thought that was a good idea :-) Once
in they must have found some app to exploit and get root, then it starts
scanning addresses - to propagate I guess. There are some indications that
cupsys may have been the culprit there. Anyway, just a heads up, it manifests
itself with several sshf processes running (78 in my case) and lots of failed
login attempts in /var/log/auth.log*
--Darren
_______________________________________________
mythtv-users mailing list
[email protected]
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
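Added example, not part of the original thread: one way to answer "have I been compromised?" from the failed-login noise in /var/log/auth.log* is to flag any accepted login from a source that had just been guessing several usernames. The log lines are constructed samples in the usual OpenSSH syslog format, and the host name, addresses and the `min_failures` threshold are assumptions.

```python
import re

# Constructed sample lines (not from a real host); addresses are documentation ranges.
SAMPLE_LOG = """\
Dec 29 03:12:01 mythbox sshd[4321]: Failed password for invalid user admin from 192.0.2.10 port 40022 ssh2
Dec 29 03:12:02 mythbox sshd[4322]: Failed password for invalid user test from 192.0.2.10 port 40023 ssh2
Dec 29 03:12:03 mythbox sshd[4323]: Failed password for root from 192.0.2.10 port 40024 ssh2
Dec 29 03:12:05 mythbox sshd[4324]: Accepted password for mythtv from 192.0.2.10 port 40025 ssh2
Dec 29 08:30:00 mythbox sshd[5001]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Dec 29 08:30:09 mythbox sshd[5002]: Accepted password for alice from 198.51.100.7 port 51001 ssh2
Dec 29 09:00:00 mythbox CRON[5100]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches sshd authentication results, with or without the "invalid user" prefix.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def analyze(lines, min_failures=3):
    """Return (failed attempts per source IP, accepted logins that followed guessing).

    A login is reported when the same source already failed at least
    `min_failures` times against more than one username, which separates a
    dictionary run from a single user mistyping a password.
    """
    failures = {}
    users_tried = {}
    suspicious = []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd authentication line
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] = failures.get(ip, 0) + 1
            users_tried.setdefault(ip, set()).add(user)
        elif failures.get(ip, 0) >= min_failures and len(users_tried[ip]) > 1:
            suspicious.append((ip, user, failures[ip]))
    return failures, suspicious


if __name__ == "__main__":
    counts, hits = analyze(SAMPLE_LOG.splitlines())
    for ip, user, n in hits:
        print(f"login as {user} from {ip} after {n} failed attempts")
```

Rotated logs can be fed in the same way by passing their lines in chronological order; any reported login means the account's password was guessed and the host should be treated as compromised.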
