Re: need help with openssh attack
On Fri, 30 Dec 2011, Taz <taz.inside@gmail.com> wrote:
> Of course, I've double changed all passwords and regenerated ssh keys.

Are the SSH and PAM settings doing what you think? I suggest carefully
examining the contents of /etc to see what has been changed from the default.

A new sshd vulnerability that allows remote access would be worth a lot of
money; it would initially only be used on the most important systems, and
people who use it would be careful not to reveal what they have. When an
exploit that is used by attackers becomes known and gets fixed, the people who
were using it lose money.

If there was a hole in sshd, would your server be important enough to justify
the risk? Also, would they use and risk a valuable sshd exploit on a mere
spam-bot?

http://etbe.coker.com.au/2011/12/31/server-cracked/

As an aside, the above blog post has information on how one of my servers was
cracked. It could be the same way that yours was.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
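
An added example, not part of the original message: one way to check whether an sshd_config is doing what you think is to resolve the value sshd actually uses for each keyword (the first one obtained wins) and compare it with what you expect. The baseline `EXPECTED`, the sample config and the function names are constructed for illustration.

```python
import re

# Constructed baseline of what the admin believes is in force (assumption).
# Keys are lowercase because sshd_config keywords are case-insensitive.
EXPECTED = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "usepam": "yes",
    "authorizedkeysfile": ".ssh/authorized_keys",
}

# Keyword and arguments may be separated by whitespace or by '='.
LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")

def effective_global_settings(config_text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd uses the first value obtained for each keyword, so a later line
    that looks safe does not override an earlier one. Parsing stops at the
    first Match block; Include files are not followed (simplification).
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), " ".join(m.group(2).split())
        if keyword == "match":
            break
        settings.setdefault(keyword, value)  # first occurrence wins
    return settings

def deviations(config_text, expected=EXPECTED):
    """Map keyword -> (expected, effective); None means the keyword is
    not set, so sshd's compiled-in default applies."""
    actual = effective_global_settings(config_text)
    return {k: (want, actual.get(k))
            for k, want in expected.items() if actual.get(k) != want}

# Constructed sample: the "no" near the bottom is what a quick look finds,
# but the earlier "yes" is the value sshd uses.
SAMPLE = """\
Port 22
PermitRootLogin yes
UsePAM yes
AuthorizedKeysFile .ssh/authorized_keys
permitrootlogin no
PasswordAuthentication=no
"""
print(deviations(SAMPLE))
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, which is the authoritative version of this check.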