Re: need help with openssh attack

To: Taz <taz.inside@gmail.com>
Cc: debian-security@lists.debian.org
Subject: Re: need help with openssh attack
From: Serge Dewailly <serge.dewailly@openevents.fr>
Date: Thu, 29 Dec 2011 16:44:05 +0100
Message-id: <[🔎] 4EFC8AC5.3070908@openevents.fr>
In-reply-to: <[🔎] CA+0W4N=At0EsJ+Y3d8DRZW8u+S6Tcr6BCUha+W+U5rL-80v8QA@mail.gmail.com>
References: <[🔎] CA+0W4N=At0EsJ+Y3d8DRZW8u+S6Tcr6BCUha+W+U5rL-80v8QA@mail.gmail.com>

Others things you can do :
  * install chkrootkit
  * look if no ssh authorized key have been installed (/root/.ssh/)
  * look at /etc/passwd file to be sure no new user has been created
  * look at sudo (visudo) to be sure that no unsecure rule has been added
  * change your root password
  * change your sshd port

It should let you some time to backup and analyse what appened indetails...


--
Serge Dewailly - Administrateur Système


Le 29/12/11 15:04, Taz a écrit :

Hello, we've got various debian servers, about 15, with different
versions. All of them have been attacked today and granted root
access.
Can anybody help? We can give ssh access to attacked machine, it seems
to be serious ssh vulnerability.

How can i contact openssh mnt?

Thank you.

Reply to:

References:
- need help with openssh attack
  - From: Taz <taz.inside@gmail.com>

Prev by Date: Re: need help with openssh attack
Next by Date: RE: need help with openssh attack
Previous by thread: Re: need help with openssh attack
Next by thread: RE: need help with openssh attack
Index(es):
- Date
- Thread