[mythtv-users] ssh attack
chrisribe at gmail.com
Thu Dec 29 20:40:52 EST 2005
You made me panic for a second there, Darren.
My first thought was, "Oh damn, how do I determine if I have been
My second thought was, "Why bother, I've surely been rooted by now."
My third thought was, "Wait a minute, I'm reading this on an unpatched Win2k
machine that has been up for 3 months now. Oh yeah, my router must be doing
Thank God for $50 hardware firewalls, because I wouldn't bother owning a
computer if I had keep iptables and a Windows firewall up to date.
That said, this was probably all an elaborate phishing attack which succeded
on getting me to admit there is a mythtv/mythtv account on my myth box.
On 12/29/05, Darren Hart <darren at dvhart.com> wrote:
> I'm sure nobody here is dumb enough to do this, but since I was, thought
> pass the word.
> There is an ssh attack going around with a brute force login using 2187
> different username/password pairs, one such pair happens to be:
> Likle I said, I'm sure noone else but me thought that was a good idea
> :-) Once
> in they must ahve found some app to exploit and get root, then it starts
> scanning addresses - to propogate I guess. There are some indications
> cupsys may have been the culprit there. Anyway, just a heads up, it
> itself with several sshf processes running (78 in my case) and lots of
> login attempts in /var/log/auth.log*
> mythtv-users mailing list
> mythtv-users at mythtv.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the mythtv-users