
Re: OT: Re: See what a weak password will get ya?



* s. keeling <keeling@spots.ab.ca> [2004-07-22 22:03]:
> Incoming from Paul Stolp:
> > I checked in on some bittorrent progress today at lunch, noticed my
> > process monitor showing full activity. Ran top, saw user "guest" logged
> > on, running 4 instances of a program named "t", and short term load
> > average over 4. AARRRRGGGHHH!
> > shutdown -h now  !
> > pull network cable
> > reboot
> > look for damage, whew, I was O.K. -- I'm sure it helps to be up to date
> ...................^^^^^^^^^^^^^^^^
> 
> How did you manage to verify that?  Are you running chkrootkit?
> tripwire?  Something else?

chkrootkit, plus verification of md5sums of certain binaries.

> 
> (0) keeling /home/keeling_ host smenlove.home.ro
> smenlove.home.ro        A       81.196.20.133
> 
> (0) keeling /home/keeling_ ripe 81.196.20.133
> inetnum:      81.196.20.128 - 81.196.20.159
> netname:      RO-RDS-HOME-RO
> descr:        Home.RO / Go.RO
> country:      RO
> admin-c:      HAD6-RIPE
> tech-c:       HAD6-RIPE
> status:       ASSIGNED PA
> remarks:      INFRA-AW
> remarks:      +-----------------------------------------------------------+
> remarks:      | ABUSE CONTACT: abuse@home.ro IN CASE OF HACK ATTACKS,     |
> remarks:      | ILLEGAL ACTIVITY, VIOLATION, SCANS, PROBES, SPAM, ETC.    |
> remarks:      +-----------------------------------------------------------+
> ...
> 

Reported.

> 
> > Jul 22 10:24:39 greta sshd[22405]: Accepted password for guest from
> > 156.17.99.11
> >  port 37228 ssh2
> >  Jul 22 10:24:39 greta sshd[22407]: (pam_unix) session opened for user
> >  guest by (
> >  uid=0)
> ...^^^^^
> 
Maybe I'm missing something, but isn't that how sshd works? That's what
I get logging in from my usual account...

> > Jul 22 12:09:33 greta sshd[22595]: Accepted password for guest from
> > 80.110.102.105 port 3938 ssh2
> > Jul 22 12:09:33 greta sshd[22597]: (pam_unix) session opened for user
> > guest by (uid=0)
> > Jul 22 12:12:45 greta passwd[22663]: (pam_unix) authentication failure;
                                                                   ^^^^^^^
> > logname=guest uid=1002 euid=0 tty= ruser=
> .........................^^^^^^
> 
> 
> > Just wanted to share the need for strong passwords.
> 
> Not to mention backups and fresh installation media?
> 

You better believe it!
-- 



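Added example, not part of the original thread: a small Python check over sshd log lines of the kind quoted above, flagging accepted password logins to generic account names and accounts that logged in from more than one source address. The watchlist, function names and sample log lines (documentation-range addresses, host `host1`) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches sshd lines such as:
#   Jul 22 10:24:39 host1 sshd[22405]: Accepted password for guest from 192.0.2.11 port 37228 ssh2
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Assumption: account names treated as generic/guessable; adjust per site.
GENERIC_ACCOUNTS = {"guest", "test", "admin", "user"}

# Constructed sample input (documentation-range addresses), not real log data.
SAMPLE_LOG = """\
Jul 22 09:58:02 host1 sshd[22301]: Failed password for guest from 192.0.2.11 port 37102 ssh2
Jul 22 10:24:39 host1 sshd[22405]: Accepted password for guest from 192.0.2.11 port 37228 ssh2
Jul 22 10:24:39 host1 sshd[22407]: (pam_unix) session opened for user guest by (uid=0)
Jul 22 11:40:12 host1 sshd[22510]: Accepted publickey for alice from 203.0.113.7 port 51514 ssh2
Jul 22 12:09:33 host1 sshd[22595]: Accepted password for guest from 198.51.100.105 port 3938 ssh2
"""


def password_logins(log_text):
    """Return {user: set of source IPs} for accepted *password* logins."""
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m and m.group("method") == "password":
            sources[m.group("user")].add(m.group("ip"))
    return dict(sources)


def findings(log_text):
    """Return sorted (user, reason) pairs worth a closer look."""
    out = []
    for user, ips in password_logins(log_text).items():
        if user in GENERIC_ACCOUNTS:
            out.append((user, "generic account accepted a password login"))
        if len(ips) > 1:
            out.append((user, "password logins from %d addresses" % len(ips)))
    return sorted(out)


if __name__ == "__main__":
    for user, reason in findings(SAMPLE_LOG):
        print("%s: %s" % (user, reason))
```

Public-key logins are deliberately ignored, since the point raised in the thread is a guessable password on an account reachable over ssh.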