Re: OT: Re: See what a weak password will get ya?
* s. keeling <keeling@spots.ab.ca> [2004-07-22 22:03]:
> Incoming from Paul Stolp:
> > I checked in on some bittorrent progress today at lunch, noticed my
> > process monitor showing full activity. Ran top, saw user "guest" logged
> > on, running 4 instances of a program named "t", and short term load
> > average over 4. AARRRRGGGHHH!
> > shutdown -h now !
> > pull network cable
> > reboot
> > look for damage, whew, I was O.K. -- I'm sure it helps to be up to date
> ...................^^^^^^^^^^^^^^^^
>
> How did you manage to verify that? Are you running chkrootkit?
> tripwire? Something else?
chkrootkit, plus verification of md5sums of certain binaries.
>
> (0) keeling /home/keeling_ host smenlove.home.ro
> smenlove.home.ro A 81.196.20.133
>
> (0) keeling /home/keeling_ ripe 81.196.20.133
> inetnum: 81.196.20.128 - 81.196.20.159
> netname: RO-RDS-HOME-RO
> descr: Home.RO / Go.RO
> country: RO
> admin-c: HAD6-RIPE
> tech-c: HAD6-RIPE
> status: ASSIGNED PA
> remarks: INFRA-AW
> remarks: +-----------------------------------------------------------+
> remarks: | ABUSE CONTACT: abuse@home.ro IN CASE OF HACK ATTACKS, |
> remarks: | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC. |
> remarks: +-----------------------------------------------------------+
> ...
>
Reported.
>
> > Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from
> > 156.17.99.11
> > port 37228 ssh2
> > Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user
> > guest by (
> > uid=0)
> ...^^^^^
>
Maybe I'm missing something, but isn't that how sshd works? That's what
I get logging in from my usual account...
> > Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from
> > 80.110.102.105 port 3938 ssh2
> > Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user
> > guest by (uid=0)
> > Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure;
^^^^^^^
> > logname=guest uid=1002 euid=0 tty= ruser=
> .........................^^^^^^
>
>
> > Just wanted to share the need for strong passwords.
>
> Not to mention backups and fresh installation media?
>
You better believe it!
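As an added example (not part of the original thread), the following sketch reviews sshd and passwd syslog entries of the kind quoted above and flags accounts whose password logins deserve a look. The sample log is constructed with RFC 5737 documentation addresses, and the `GENERIC_ACCOUNTS` watchlist and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the excerpt above; addresses are from
# RFC 5737 documentation ranges, and one entry is wrapped the way mail does it.
SAMPLE_LOG = """\
Jul 22 09:58:02 greta sshd[22011]: Accepted publickey for paul from 192.0.2.10 port 40112 ssh2
Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from
198.51.100.7
port 37228 ssh2
Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from 203.0.113.44 port 3938 ssh2
Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure; logname=guest uid=1002 euid=0 tty= ruser=
Jul 22 13:01:10 greta sshd[22801]: Accepted password for paul from 192.0.2.10 port 40200 ssh2
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ACCEPT = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
PASSWD = re.compile(r"passwd\[\d+\]: \(pam_unix\) authentication failure; logname=(\S+)")
GENERIC_ACCOUNTS = {"guest", "test", "admin", "user"}  # assumed watchlist


def unwrap(text):
    """Rejoin hard-wrapped entries: a line without a timestamp continues the previous one."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def review(text):
    """Return {user: [reasons]} for accounts whose password logins look risky."""
    sources, findings = defaultdict(set), defaultdict(list)
    for entry in unwrap(text):
        if m := ACCEPT.search(entry):
            method, user, addr = m.groups()
            if method == "password":
                sources[user].add(addr)
        elif (m := PASSWD.search(entry)) and m.group(1) in sources:
            findings[m.group(1)].append("passwd failure after password login")
    for user, addrs in sources.items():
        if user in GENERIC_ACCOUNTS:
            findings[user].append("password login to generic account")
        if len(addrs) > 1:
            findings[user].append(f"password logins from {len(addrs)} addresses")
    return dict(findings)
```

Calling `review(SAMPLE_LOG)` reports only `guest`; the key-based login and the single-source password login for `paul` are not flagged.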