Rui Pedro Figueira Covelo wrote:
> I noticed that the .bash_history is from the root account. Not guest
> or test. If this .bash_history is real, the fact that someone got root
> proves that someone used an exploit rather than guessing a weak password
> of a guest or test account, right?

You do have a very good point. There is probably more to these SSH probes that
everyone is seeing than first thought. I've checked out a number of boxes that
have been probing my Gentoo server, and they are all Linux boxes running a 2.4
kernel. I don't know if it is automated or someone actually running these
probes. The last box that I got probed by was running RedHat, Apache 1.3.27, and
mod_php 4.1.2, so it was fairly recent. It must be one of those SSH exploits (or
was it SSL?) from a few months ago.

--
Andrew Gaffney
Network Administrator
Skyline Aeronautics, LLC.
636-357-1548

--
gentoo-security@g.o mailing list