OT: Re: See what a weak password will get ya?

Incoming from Paul Stolp:
> I checked in on some bittorrent progress today at lunch, noticed my
> process monitor showing full activity. Ran top, saw user "guest" logged
> on, running 4 instances of a program named "t", and short term load
> average over 4. AARRRRGGGHHH!
> shutdown -h now  !
> pull network cable
> reboot
> look for damage, whew, I was O.K. -- I'm sure it helps to be up to date

How did you manage to verify that?  Are you running chkrootkit?
tripwire?  Something else?

(0) keeling /home/keeling_ host smenlove.home.ro
smenlove.home.ro        A

(0) keeling /home/keeling_ ripe
inetnum: -
netname:      RO-RDS-HOME-RO
descr:        Home.RO / Go.RO
country:      RO
admin-c:      HAD6-RIPE
tech-c:       HAD6-RIPE
status:       ASSIGNED PA
remarks:      INFRA-AW
remarks:      +-----------------------------------------------------------+
remarks:      | ABUSE CONTACT: abuse@home.ro IN CASE OF HACK ATTACKS,     |
remarks:      +-----------------------------------------------------------+

(0) keeling /home/keeling_ ripe
inetnum: -
netname:      UNIPADERBORN
descr:        Universitaet Paderborn
country:      DE

(0) keeling /home/keeling_ host
Name: chello080110102105.508.15.vie.surfer.at

(0) keeling /home/keeling_ ripe
inetnum: -
netname:      VIE-15-CUSTOMER-LANCITY
descr:        chello Austria
descr:        Lancity Customers in Vienna, Headend 15
country:      AT
admin-c:      HMCB1-RIPE
tech-c:       HMCB1-RIPE
status:       ASSIGNED PA
remarks:      Contact abuse@chello.at concerning criminal
remarks:      activities like spam, hacks, portscans

> Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from
> port 37228 ssh2
> Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user
> guest by (uid=0)

> Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from
> port 3938 ssh2
> Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user
> guest by (uid=0)
> Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure;
> logname=guest uid=1002 euid=0 tty= ruser=

> Just wanted to share the need for strong passwords.

Not to mention backups and fresh installation media?

Any technology distinguishable from magic is insufficiently advanced.
http://www.spots.ab.ca/~keeling 
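
A triage pass over sshd lines of the kind quoted above, as an added example that is not part of the original message: it lists password logins for accounts that are not expected to log in, together with the source addresses seen. The sample log is constructed, its addresses come from the documentation ranges, and the account name `paul` and the allow-list are assumptions.

```python
import re
from collections import defaultdict

# Matches the sshd syslog format quoted in the message. The source address is
# optional so that scrubbed lines ("from port 37228") still parse.
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from\s+"
    r"(?:(?P<src>\S+)\s+)?port (?P<port>\d+)"
)

def accepted_logins(lines):
    """Return one dict per 'Accepted <method> for <user>' sshd line."""
    return [m.groupdict() for m in map(ACCEPTED.match, lines) if m]

def suspicious_password_logins(lines, allowed_users):
    """Group password logins by accounts outside allowed_users.

    Returns {user: sorted list of source addresses}; a scrubbed or missing
    address is reported as 'unknown'.
    """
    hits = defaultdict(set)
    for ev in accepted_logins(lines):
        if ev["method"] == "password" and ev["user"] not in allowed_users:
            hits[ev["user"]].add(ev["src"] or "unknown")
    return {user: sorted(srcs) for user, srcs in hits.items()}

# Constructed sample input (hypothetical account "paul", documentation addresses).
SAMPLE_LOG = """\
Jul 22 09:58:02 greta sshd[22301]: Accepted publickey for paul from 192.0.2.10 port 51514 ssh2
Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from 198.51.100.7 port 37228 ssh2
Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user guest by (uid=0)
Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from 203.0.113.44 port 3938 ssh2
Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure; logname=guest uid=1002 euid=0 tty= ruser=
Jul 22 12:30:00 greta sshd[22700]: Accepted password for guest from port 4001 ssh2
""".splitlines()

if __name__ == "__main__":
    for user, sources in suspicious_password_logins(SAMPLE_LOG, {"paul"}).items():
        print(f"{user}: password login from {', '.join(sources)}")
```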

