[mythtv-users] ssh attack
Chris Ribe
chrisribe at gmail.com
Thu Dec 29 20:40:52 EST 2005
You made me panic for a second there, Darren.
My first thought was, "Oh damn, how do I determine if I have been
compromised?"
My second thought was, "Why bother, I've surely been rooted by now."
My third thought was, "Wait a minute, I'm reading this on an unpatched Win2k
machine that has been up for 3 months now. Oh yeah, my router must be doing
its job."
Thank God for $50 hardware firewalls, because I wouldn't bother owning a
computer if I had to keep iptables and a Windows firewall up to date.
That said, this was probably all an elaborate phishing attack which succeeded
on getting me to admit there is a mythtv/mythtv account on my myth box.
On 12/29/05, Darren Hart <darren at dvhart.com> wrote:
>
> I'm sure nobody here is dumb enough to do this, but since I was, thought I'd
> pass the word.
>
> There is an ssh attack going around with a brute force login using 2187
> different username/password pairs, one such pair happens to be:
>
> mythtv:mythtv
>
> Like I said, I'm sure no one else but me thought that was a good idea :-) Once
> in they must have found some app to exploit and get root, then it starts
> scanning addresses - to propagate I guess. There are some indications that
> cupsys may have been the culprit there. Anyway, just a heads up, it manifests
> itself with several sshf processes running (78 in my case) and lots of failed
> login attempts in /var/log/auth.log*
>
> --Darren
>
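Added example, not part of the original thread: a scan for the symptom described above (many failed logins in /var/log/auth.log) that also flags a password login accepted from an address that had just been failing. The sample lines, host name and addresses are constructed, and the regex assumes OpenSSH's usual "Failed/Accepted password for ... from ... port ... ssh2" syslog format.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in OpenSSH auth.log format (not from the original post).
SAMPLE_LOG = """\
Dec 29 03:12:01 mythbox sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Dec 29 03:12:03 mythbox sshd[2213]: Failed password for illegal user test from 203.0.113.7 port 40115 ssh2
Dec 29 03:12:04 mythbox sshd[2214]: Failed password for invalid user x from 198.51.100.9 port 1 ssh2 from 203.0.113.7 port 40118 ssh2
Dec 29 03:12:05 mythbox sshd[2215]: Failed password for root from 203.0.113.7 port 40120 ssh2
Dec 29 03:12:09 mythbox sshd[2219]: Accepted password for mythtv from 203.0.113.7 port 40133 ssh2
Dec 29 08:30:44 mythbox sshd[3020]: Failed password for chris from 192.0.2.10 port 51000 ssh2
Dec 29 08:30:50 mythbox sshd[3020]: Accepted password for chris from 192.0.2.10 port 51000 ssh2
"""

# The user field is attacker-controlled, so match it greedily and anchor at the
# end of the line: the address sshd itself appended is always the last "from".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$"
)

def scan_auth_log(text, threshold=3):
    """Return (failures per source IP, logins accepted after >= threshold failures)."""
    failures, tried, suspicious = Counter(), {}, []
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            tried.setdefault(ip, set()).add(user)
        elif failures[ip] >= threshold:
            # A success right after a run of failures: treat the account as compromised.
            suspicious.append({"ip": ip, "user": user, "failures_before": failures[ip],
                               "users_tried": len(tried[ip])})
    return failures, suspicious

if __name__ == "__main__":
    # Pass a log path (e.g. /var/log/auth.log) or run with no argument on the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    failures, suspicious = scan_auth_log(text)
    for ip, count in failures.most_common():
        print(f"{count:6d} failed password attempts from {ip}")
    for hit in suspicious:
        print(f"ALERT: {hit['user']} accepted from {hit['ip']} after {hit['failures_before']} failures")
```

A single mistyped password followed by a success (the 192.0.2.10 lines) stays below the threshold and is not flagged.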