[mythtv-users] ssh attack
Darren Hart
darren at dvhart.com
Thu Dec 29 20:19:14 EST 2005
I'm sure nobody here is dumb enough to do this, but since I was, thought I'd
pass the word.
There is an ssh attack going around with a brute force login using 2187
different username/password pairs, one such pair happens to be:
mythtv:mythtv
Likle I said, I'm sure noone else but me thought that was a good idea :-) Once
in they must ahve found some app to exploit and get root, then it starts
scanning addresses - to propogate I guess. There are some indications that
cupsys may have been the culprit there. Anyway, just a heads up, it manifests
itself with several sshf processes running (78 in my case) and lots of failed
login attempts in /var/log/auth.log*
--Darren
More information about the mythtv-users
mailing list