Never Hacked or Infected--Yet (Was: Re: End of life for FC12?)
Hiisi
saippua5 at gmail.com
Thu Nov 11 08:20:33 UTC 2010
Thu, 2010-11-11 at 14:28 +0800, Ed Greshko wrote:
> On 11/11/2010 02:19 PM, Patrick Bartek wrote:
> > --- On Wed, 11/10/10, Andras Simon <szajmi at gmail.com> wrote:
> >
> >> I hope that you're not deluding yourself...
> > Why would you think I am?
> >
> >
> Because it is a whole lot of "fun" to play the speculation game.... Some
> people have too much time on their hands....
>
>
I think this question shouldn't be associated only with someone's
speculation or paranoia. These are typical entries from logwatch reports
on my machine:
--------------------- pam_unix Begin ------------------------
dovecot:
Authentication Failures:
web6p5 rhost=178.77.68.97 : 242 Time(s)
web7p1 rhost=178.77.68.97 : 239 Time(s)
web6p4 rhost=178.77.68.97 : 238 Time(s)
web6p3 rhost=178.77.68.97 : 235 Time(s)
web6p2 rhost=178.77.68.97 : 232 Time(s)
.....
sshd:
Authentication Failures:
unknown (mail.access350.co.ke): 845 Time(s)
root (222.33.56.100): 800 Time(s)
vsftpd:
Authentication Failures:
Administrator rhost=ns.medicalyohin.com : 2283 Time(s)
admin rhost=ns.medicalyohin.com : 2283 Time(s)
Password Failures:
user unknown: 4566 Time(s)
Also there's a lot of 404 error messages from httpd, when somebody
(something?) looked for mysql or phpmyadmin web configuration:
--------------------- httpd Begin ------------------------
......
//php-my-admin/config/config.inc.php?p=phpinfo();
.....
When I first saw it all I was scared that occasionally THEY will guess
root passwd and will take control over my machine. So, I did a bit of
modification of stock configuration (i.e. ssh root login is now
forbidden, every user on the system has strong passwd, phpmyadmin is
uninstalled, system is always up-to-date and so on). Probably I should
also configure rkhunter or sshd to allow only 3 authentication failures
before blacklisting the intruder IP. Anyway, this topic is not a joke!
THEY ARE hunting for us!
--
Never trust an operating system you don't have sources for. ;-)
-- Unknown source
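A defender-side check for the kind of logwatch report quoted in the post above, added here as an example and not part of the original message: it parses the "Authentication Failures" lines in both shapes seen in the excerpt (the pam_unix `user rhost=SRC : N Time(s)` form and the sshd `user (SRC): N Time(s)` form), aggregates failures per source across services, and lists the sources past a cutoff like the three-failure limit the poster considers. The sample report is constructed with documentation addresses and made-up hostnames.

```python
import re
from collections import defaultdict
# Constructed sample modelled on the logwatch excerpt in the post above
# (RFC 5737 addresses and made-up hostnames, not the poster's values).
SAMPLE_REPORT = """\
--------------------- pam_unix Begin ------------------------
dovecot:
Authentication Failures:
web6p5 rhost=192.0.2.10 : 242 Time(s)
bob rhost=203.0.113.5 : 2 Time(s)
sshd:
Authentication Failures:
unknown (host.example.net): 845 Time(s)
root (198.51.100.7): 800 Time(s)
vsftpd:
Authentication Failures:
Administrator rhost=ns.example.org : 2283 Time(s)
admin rhost=ns.example.org : 2283 Time(s)
Password Failures:
user unknown: 4566 Time(s)
"""

# Both line shapes in the excerpt: "user rhost=SRC : N Time(s)" and "user (SRC): N Time(s)".
LINE_RE = re.compile(
    r"^(?P<user>\S+) (?:rhost=(?P<src1>\S+) |\((?P<src2>[^)]+)\))\s*:\s*(?P<n>\d+) Time\(s\)$"
)
SECTIONS = {"Authentication Failures", "Password Failures"}

def failures_by_source(report):
    """Return {source: {service: count}} built from 'Authentication Failures' lines only."""
    per_src = defaultdict(lambda: defaultdict(int))
    service = section = None
    for line in report.splitlines():
        line = line.strip()
        if not line or line.startswith(("---", "...")):   # banners and "....." elisions
            continue
        if line.endswith(":") and line[:-1] in SECTIONS:   # e.g. "Authentication Failures:"
            section = line[:-1]
            continue
        if line.endswith(":"):                             # e.g. "dovecot:" starts a service
            service, section = line[:-1], None
            continue
        if (m := LINE_RE.match(line)) and section == "Authentication Failures":
            src = m.group("src1") or m.group("src2")
            per_src[src][service] += int(m.group("n"))
    return {s: dict(v) for s, v in per_src.items()}

def sources_over_threshold(report, threshold=3):
    totals = {s: sum(v.values()) for s, v in failures_by_source(report).items()}
    return sorted(((s, n) for s, n in totals.items() if n > threshold), key=lambda t: -t[1])
```

Feeding a real logwatch mail through `sources_over_threshold` gives the list a firewall or denyhosts-style rule would act on; the "Password Failures" counts are deliberately left out because they carry no source address.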