OT: Re: See what a weak password will get ya?
Incoming from Paul Stolp:
> I checked in on some bittorrent progress today at lunch, noticed my
> process monitor showing full activity. Ran top, saw user "guest" logged
> on, running 4 instances of a program named "t", and short term load
> average over 4. AARRRRGGGHHH!
> shutdown -h now !
> pull network cable
> reboot
> look for damage, whew, I was O.K. -- I'm sure it helps to be up to date
...................^^^^^^^^^^^^^^^^
How did you manage to verify that? Are you running chkrootkit?
tripwire? Something else?
(0) keeling /home/keeling_ host smenlove.home.ro
smenlove.home.ro A 81.196.20.133
(0) keeling /home/keeling_ ripe 81.196.20.133
inetnum: 81.196.20.128 - 81.196.20.159
netname: RO-RDS-HOME-RO
descr: Home.RO / Go.RO
country: RO
admin-c: HAD6-RIPE
tech-c: HAD6-RIPE
status: ASSIGNED PA
remarks: INFRA-AW
remarks: +-----------------------------------------------------------+
remarks: | ABUSE CONTACT: abuse@home.ro IN CASE OF HACK ATTACKS, |
remarks: | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. |
remarks: +-----------------------------------------------------------+
...
(0) keeling /home/keeling_ ripe 131.234.157.10
inetnum: 131.234.0.0 - 131.234.255.255
netname: UNIPADERBORN
descr: Universitaet Paderborn
country: DE
...
(0) keeling /home/keeling_ host 80.110.102.105
Name: chello080110102105.508.15.vie.surfer.at
Address: 80.110.102.105
(0) keeling /home/keeling_ ripe 80.110.102.105
inetnum: 80.110.48.0 - 80.110.118.255
netname: VIE-15-CUSTOMER-LANCITY
descr: chello Austria
descr: Lancity Customers in Vienna, Headend 15
country: AT
admin-c: HMCB1-RIPE
tech-c: HMCB1-RIPE
status: ASSIGNED PA
remarks: Contact abuse@chello.at concerning criminal
remarks: activities like spam, hacks, portscans
> Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from
> 156.17.99.11
> port 37228 ssh2
> Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user
> guest by (
> uid=0)
...^^^^^
> Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from
> 80.110.102.105 port 3938 ssh2
> Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user
> guest by (uid=0)
> Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure;
> logname=guest uid=1002 euid=0 tty= ruser=
.........................^^^^^^
> Just wanted to share the need for strong passwords.
Not to mention backups and fresh installation media?
--
Any technology distinguishable from magic is insufficiently advanced.
(*) http://www.spots.ab.ca/~keeling
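
One way to triage the auth log quoted above, as an added example that is not part of the original message: it flags password-authenticated sshd logins to generic account names or from addresses outside an allow-list, and notes passwd failures for the same account. The names `review_auth_log`, `GENERIC_ACCOUNTS` and `known_sources` are assumptions of this example; the sample lines are joined from the quoted excerpt.

```python
import re
from collections import defaultdict

# Lines joined from the sshd/passwd excerpt quoted in the message above.
SAMPLE_LOG = """\
Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from 156.17.99.11 port 37228 ssh2
Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user guest by (uid=0)
Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from 80.110.102.105 port 3938 ssh2
Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user guest by (uid=0)
Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure; logname=guest uid=1002 euid=0 tty= ruser=
"""

ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted password for (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")
PASSWD_FAIL = re.compile(
    r"passwd\[\d+\]: \(pam_unix\) authentication failure; logname=(?P<user>\S+)")

# Assumption: account names treated as generic/guessable; adjust per site.
GENERIC_ACCOUNTS = {"guest", "test", "admin", "user"}

def review_auth_log(text, known_sources=frozenset()):
    """Return {user: finding} for password logins that deserve a closer look."""
    sources = defaultdict(set)
    passwd_failures = defaultdict(int)
    for line in text.splitlines():
        if m := ACCEPTED.search(line):
            sources[m["user"]].add(m["ip"])
        elif m := PASSWD_FAIL.search(line):
            passwd_failures[m["user"]] += 1
    findings = {}
    for user, ips in sources.items():
        unknown = sorted(ips - set(known_sources))
        reasons = []
        if user in GENERIC_ACCOUNTS:
            reasons.append("generic account name")
        if unknown:
            reasons.append("login from unlisted address")
        if passwd_failures[user]:
            reasons.append("failed passwd attempt for this account")
        if reasons:
            findings[user] = {"sources": unknown, "reasons": reasons}
    return findings

if __name__ == "__main__":
    for user, f in review_auth_log(SAMPLE_LOG).items():
        print(user, f["sources"], "; ".join(f["reasons"]))
```

Passing the addresses you normally log in from as `known_sources` leaves only the unexpected ones in each finding.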