[mythtv-users] ssh attack

Kevin Kuphal kuphal at dls.net
Thu Dec 29 21:51:17 EST 2005


Darren Hart wrote:

> I'm sure nobody here is dumb enough to do this, but since I was, 
> thought I'd pass the word.
>
> There is an ssh attack going around with a brute force login using 
> 2187 different username/password pairs, one such pair happens to be:
>
> mythtv:mythtv
>
> Likle I said, I'm sure noone else but me thought that was a good idea 
> :-)  Once in they must ahve found some app to exploit and get root, 
> then it starts scanning addresses - to propogate I guess.  There are 
> some indications that cupsys may have been the culprit there.  Anyway, 
> just a heads up, it manifests itself with several sshf processes 
> running (78 in my case) and lots of failed login attempts in 
> /var/log/auth.log*

For clarity, this only affects users that have port forwarded the SSH 
port from their firewall to their MythTV box or (God forbid) have their 
mythtv system directly attached to the Internet with no firewall.  
Still, a good thing to note.   Strong passwords are good practice no 
matter what the system.

Kevin


More information about the mythtv-users mailing list