
Re: need help with openssh attack



On Fri, 30 Dec 2011, Taz <taz.inside@gmail.com> wrote:
> Of course, I've double changed all passwords and regenerated ssh keys.

Are the SSH and PAM settings doing what you think?  I suggest carefully 
examining the contents of /etc to see what has been changed from the default.

A new sshd vulnerability that allows remote access would be worth a lot of 
money; it would initially only be used on the most important systems, and 
people who use it would be careful not to reveal what they have.  When an 
exploit that is used by attackers becomes known and gets fixed, the people who 
were using it lose money.

If there was a hole in sshd would your server be important enough to justify 
the risk?  Also would they use and risk a valuable sshd exploit on a mere 
spam-bot?

http://etbe.coker.com.au/2011/12/31/server-cracked/

As an aside, the above blog post has information on how one of my servers was 
cracked.  It could be the same way that yours was.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
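
The check suggested in the message above (see what under /etc has changed from the default), as an added example that is not part of the original message. The names `audit_tree`, `make_sample` and `baseline.sha256` are hypothetical, the sample files are constructed, and the baseline manifest is assumed to come from a clean install of the same release.

```sh
#!/bin/sh
# Added example: report what differs between a config tree and a known-good
# sha256 manifest. Assumption: the manifest came from a clean install of the
# same release, made with:
#   (cd /etc && find . -type f -exec sha256sum {} + | sort -k2) > baseline.sha256

# audit_tree DIR MANIFEST
# Prints "MISSING|MODIFIED|ADDED <path>" lines; returns 1 if anything differs.
audit_tree() {
    dir=$1; manifest=$2
    findings=$(
        # Pass 1: every baseline file must still exist with the same digest.
        while read -r sum path; do
            if [ ! -f "$dir/$path" ]; then
                echo "MISSING $path"
            elif [ "$(sha256sum < "$dir/$path" | cut -d' ' -f1)" != "$sum" ]; then
                echo "MODIFIED $path"
            fi
        done < "$manifest"
        # Pass 2: files present now that the baseline never listed.
        # Digest is 64 hex chars plus two separators, so paths start at column 67.
        (cd "$dir" && find . -type f) | sort | while read -r path; do
            cut -c67- "$manifest" | grep -qxF -- "$path" || echo "ADDED $path"
        done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# make_sample: build a constructed tree and baseline under a temp dir and
# print the temp dir's path. These are sample files, not real system config.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/ssh" "$root/etc/pam.d"
    printf 'PermitRootLogin no\n' > "$root/etc/ssh/sshd_config"
    printf 'auth required pam_unix.so\n' > "$root/etc/pam.d/sshd"
    printf 'session required pam_limits.so\n' > "$root/etc/pam.d/login"
    (cd "$root/etc" && find . -type f -exec sha256sum {} + | sort -k2) \
        > "$root/baseline.sha256"
    echo "$root"
}

# Demo on the constructed tree: edit one file, add one, delete one.
sample=$(make_sample)
printf 'PermitRootLogin yes\n' >> "$sample/etc/ssh/sshd_config"
: > "$sample/etc/pam.d/extra"
rm "$sample/etc/pam.d/login"
audit_tree "$sample/etc" "$sample/baseline.sha256" || echo "tree differs from baseline"
rm -rf "$sample"
```

Keep the manifest outside the tree being audited and on storage the suspect host cannot write to, since a baseline taken after the compromise records the changed files as good.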
