
OT: Re: See what a weak password will get ya?



Incoming from Paul Stolp:
> I checked in on some bittorrent progress today at lunch, noticed my
> process monitor showing full activity. Ran top, saw user "guest" logged
> on, running 4 instances of a program named "t", and short term load
> average over 4. AARRRRGGGHHH!
> shutdown -h now  !
> pull network cable
> reboot
> look for damage, whew, I was O.K. -- I'm sure it helps to be up to date
...................^^^^^^^^^^^^^^^^

How did you manage to verify that?  Are you running chkrootkit?
tripwire?  Something else?

(0) keeling /home/keeling_ host smenlove.home.ro
smenlove.home.ro        A       81.196.20.133

(0) keeling /home/keeling_ ripe 81.196.20.133
inetnum:      81.196.20.128 - 81.196.20.159
netname:      RO-RDS-HOME-RO
descr:        Home.RO / Go.RO
country:      RO
admin-c:      HAD6-RIPE
tech-c:       HAD6-RIPE
status:       ASSIGNED PA
remarks:      INFRA-AW
remarks:      +-----------------------------------------------------------+
remarks:      | ABUSE CONTACT: abuse@home.ro IN CASE OF HACK ATTACKS,     |
remarks:      | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC.    |
remarks:      +-----------------------------------------------------------+
...

(0) keeling /home/keeling_ ripe 131.234.157.10
inetnum:      131.234.0.0 - 131.234.255.255
netname:      UNIPADERBORN
descr:        Universitaet Paderborn
country:      DE
...

(0) keeling /home/keeling_ host 80.110.102.105
Name: chello080110102105.508.15.vie.surfer.at
Address: 80.110.102.105

(0) keeling /home/keeling_ ripe 80.110.102.105
inetnum:      80.110.48.0 - 80.110.118.255
netname:      VIE-15-CUSTOMER-LANCITY
descr:        chello Austria
descr:        Lancity Customers in Vienna, Headend 15
country:      AT
admin-c:      HMCB1-RIPE
tech-c:       HMCB1-RIPE
status:       ASSIGNED PA
remarks:      Contact abuse@chello.at concerning criminal
remarks:      activities like spam, hacks, portscans

> Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from
> 156.17.99.11
>  port 37228 ssh2
>  Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user
>  guest by (
>  uid=0)
...^^^^^

> Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from
> 80.110.102.105 port 3938 ssh2
> Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user
> guest by (uid=0)
> Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure;
> logname=guest uid=1002 euid=0 tty= ruser=
.........................^^^^^^


> Just wanted to share the need for strong passwords.

Not to mention backups and fresh installation media?


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)               http://www.spots.ab.ca/~keeling 
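An added example, not part of the original message or thread: a log review over the sshd and passwd lines quoted above (e-mail line wrapping undone), listing the source addresses of password logins to generic accounts and tying a later passwd failure to the most recent such login. The account watchlist, the 10-minute window and the year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines from the quoted post, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from 156.17.99.11 port 37228 ssh2
Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user guest by (uid=0)
Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from 80.110.102.105 port 3938 ssh2
Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user guest by (uid=0)
Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure; logname=guest uid=1002 euid=0 tty= ruser=
"""

ASSUMED_YEAR = 2000  # placeholder: classic syslog timestamps carry no year
GENERIC_ACCOUNTS = {"guest", "test", "admin", "user"}  # hypothetical watchlist
WINDOW = timedelta(minutes=10)  # hypothetical correlation window

STAMP = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
LOGIN = re.compile(STAMP + r"sshd\[\d+\]: Accepted password for (?P<user>\S+) from (?P<ip>\S+) port \d+")
PASSWD = re.compile(STAMP + r"passwd\[\d+\]: \(pam_unix\) authentication failure; logname=(?P<user>\S+)")

def _when(ts):
    return datetime.strptime(f"{ASSUMED_YEAR} {ts}", "%Y %b %d %H:%M:%S")

def review(log_text):
    """Return (source IPs per generic account, passwd failures soon after a login)."""
    logins, sources, followups = [], defaultdict(set), []
    for line in log_text.splitlines():
        m = LOGIN.match(line)
        if m and m["user"] in GENERIC_ACCOUNTS:
            logins.append((_when(m["ts"]), m["user"], m["ip"]))
            sources[m["user"]].add(m["ip"])
            continue
        m = PASSWD.match(line)
        if m:
            t = _when(m["ts"])
            # Attribute the passwd failure to the most recent login of that account.
            prior = [l for l in logins if l[1] == m["user"] and timedelta(0) <= t - l[0] <= WINDOW]
            if prior:
                followups.append((m["user"], prior[-1][2], m["ts"]))
    return dict(sources), followups

if __name__ == "__main__":
    srcs, hits = review(SAMPLE_LOG)
    for user, ips in srcs.items():
        print(f"password login to generic account {user!r} from {sorted(ips)}")
    for user, ip, ts in hits:
        print(f"{ts}: passwd failure for {user!r} after login from {ip}")
```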