Re: need help with openssh attack

To: debian-security@lists.debian.org
Subject: Re: need help with openssh attack
From: consul tores <consultores1@gmail.com>
Date: Mon, 9 Jan 2012 22:53:30 -0800
Message-id: <CAFxkjqmP7hWj3A+==5r1gRtUedW4Md-2rhLJQi0brNSCuHtSrw@mail.gmail.com>
In-reply-to: <CA+0W4N=At0EsJ+Y3d8DRZW8u+S6Tcr6BCUha+W+U5rL-80v8QA@mail.gmail.com>
References: <CA+0W4N=At0EsJ+Y3d8DRZW8u+S6Tcr6BCUha+W+U5rL-80v8QA@mail.gmail.com>

2011/12/29, Taz <taz.inside@gmail.com>:
> Hello, we've got various debian servers, about 15, with different
> versions. All of them have been attacked today and granted root
> access.
> Can anybody help? We can give ssh access to attacked machine, it seems
> to be serious ssh vulnerability.
>
> How can i contact openssh mnt?
>
> Thank you.

Hello Taz

Could you please expand your technical explanation?
a. do you use keys+passphrases or keys or passwords?
b. how many people have a key or password?
c. could you show sshd_config at pastebin?
d. how many servers were really compromised?

Thanks so much for your attention.

PS:
You can determine how they were compromised by coincidences in
sshd_config or other config file.

Reply to:

Prev by Date: ODP: [SECURITY] [DSA 2383-1] super security update
Next by Date: Default valid shells and home dir permissions
Previous by thread: Re: need help with openssh attack
Next by thread: ODP: [SECURITY] [DSA 2383-1] super security update
Index(es):
- Date
- Thread