[mythtv-users] ssh attack

Darren Hart darren at dvhart.com
Thu Dec 29 20:19:14 EST 2005


I'm sure nobody here is dumb enough to do this, but since I was, thought I'd 
pass the word.

There is an ssh attack going around with a brute force login using 2187 
different username/password pairs, one such pair happens to be:

mythtv:mythtv

Likle I said, I'm sure noone else but me thought that was a good idea :-)  Once 
in they must ahve found some app to exploit and get root, then it starts 
scanning addresses - to propogate I guess.  There are some indications that 
cupsys may have been the culprit there.  Anyway, just a heads up, it manifests 
itself with several sshf processes running (78 in my case) and lots of failed 
login attempts in /var/log/auth.log*

--Darren


More information about the mythtv-users mailing list