[mythtv-users] ssh attack
Kevin Kuphal
kuphal at dls.net
Thu Dec 29 21:51:17 EST 2005
Darren Hart wrote:
> I'm sure nobody here is dumb enough to do this, but since I was,
> thought I'd pass the word.
>
> There is an ssh attack going around with a brute force login using
> 2187 different username/password pairs, one such pair happens to be:
>
> mythtv:mythtv
>
> Likle I said, I'm sure noone else but me thought that was a good idea
> :-) Once in they must ahve found some app to exploit and get root,
> then it starts scanning addresses - to propogate I guess. There are
> some indications that cupsys may have been the culprit there. Anyway,
> just a heads up, it manifests itself with several sshf processes
> running (78 in my case) and lots of failed login attempts in
> /var/log/auth.log*
For clarity, this only affects users that have port forwarded the SSH
port from their firewall to their MythTV box or (God forbid) have their
mythtv system directly attached to the Internet with no firewall.
Still, a good thing to note. Strong passwords are good practice no
matter what the system.
Kevin
More information about the mythtv-users
mailing list