Phishing - Linux boxes are vulnerable

Les Mikesell lesmikesell at gmail.com
Thu Oct 4 19:32:27 UTC 2007


Mike Wright wrote:
> Jacques B. wrote:
> <snip />
>> I'm no expert on this topic. But I do know a case where the
>> application that was running on the web server was exploited due to a
>> vulnerability in that application, not in Apache or the Linux box.  I
>> suspect that is the case more often than not.  Someone compromises a
>> web site that is running a vulnerable application.  That site happens
>> to be hosted on a Linux box (because let's face it, a lot of web
>> servers out there run on *nix).
>>
> 
> Hi Jacques.
> 
> I think you're right on the money there.  Google for phpbb and hack for 
> an example of your point.

There's also a huge amount of ssh password-guessing going on, and with 
most distos, ssh is enabled by default on port 22.   What I've seen 
appears to be very carefully time-constrained as though the programs 
doing it are trying large numbers of machines at once and limiting the 
attempts to any single machine to avoid notice.

-- 
   Les Mikesell
    lesmikesell at gmail.com





More information about the users mailing list