[RDD] security breach

James Harrison james at talkunafraid.co.uk
Sun Nov 25 14:51:40 EST 2012



Best approach is not to use passwords - SSH keys are simple to set up
and you can disable password authentication in sshd, which makes your
system practically uncrackable.

Fail2ban is also an excellent program to run - it will automatically
block in iptables anything that fails to log in more than a few times,
which stops most automated bots.

Cheers,
James Harrison

On 25/11/2012 19:45, Robert Jeffares wrote:
> have had an interesting attack from what my ISP says is a 'known'
> source which was made through the remote desktop to the RD server.
> 
> password is rdvnc and I have never managed to figure out how to
> change it
> 
> anyway this attacker logged in and managed to load some code which
> has hijacked the root account, then modified the crontab to run a
> program which the attacker attempted to install but failed because
> CentOS on the appliance CD is missing a few files and the attacker
> was unable to install them from the repository.  I have seen the
> missing file message before but since everything is working I have
> ignored it.
> 
> Not sure how long this all took but discovered an open console
> window on the server with a complete track of events and log files
> on the vnc server indicate this happened over some considerable
> time.
> 
> root has lost the ability to ls but can do most everything else
> 
> Minor inconvenience bringing backup system on line, and now working
> on securing the remote desktop so that it is port shifted and
> hopefully we can add another layer of firewall security.
> 
> First problem in four years despite constant polling by various 
> parties for open ports on the broadband box. They had found the
> ssh port shifted from 22 but the passwords held firm.
> 
> My fault for leaving this open.
> 
> There may be other appliance users who have left vnc ports open
> and the default password just waiting for a visit from this pia.
> 
> I have looked at the vnc password howto but it is not working for
> me .. or I am looking in the wrong place..
> 
> Robert Jeffares Big Valley Radio Thames New Zealand 


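The two measures James recommends (key-only sshd and a fail2ban jail), as an added example that is not from the original thread or the Rivendell project. It works on a copy of the config so it can be checked before touching the live file; the `[sshd]` jail name, the `/var/log/secure` log path, and the `sshd_setting` helper are my assumptions, and the file paths in the demo are constructed temporaries, not a real server's `/etc/ssh/sshd_config`.

```shell
#!/bin/sh
# Added example: make sshd accept SSH keys only, and write a fail2ban jail
# that bans repeated failed logins. Not code from the Rivendell project.
set -eu

# Rewrite the sshd_config at $1 so that password logins are refused and only
# public-key authentication remains. sshd uses the first matching directive,
# so every existing copy (active or commented out) is dropped first and the
# hardened values are appended once.
harden_sshd_config() {
    cfg="$1"
    tmp="${cfg}.tmp"
    grep -Eiv '^[[:space:]]*#?[[:space:]]*(PasswordAuthentication|ChallengeResponseAuthentication|PubkeyAuthentication|PermitRootLogin)[[:space:]]' \
        "$cfg" > "$tmp" || true
    cat >> "$tmp" <<'EOF'
# Key-only authentication (appended by the hardening script)
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin without-password
EOF
    mv "$tmp" "$cfg"
}

# Report the effective value of directive $2 in config $1 the way sshd
# resolves it: first match wins (assumed helper, not part of OpenSSH).
sshd_setting() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Write a fail2ban jail file at $1 watching the sshd port $2 and banning a
# source after $3 failures within ten minutes (ban lasts one hour).
# The [sshd] jail name and /var/log/secure path are assumptions for CentOS.
write_fail2ban_jail() {
    jail="$1"; port="$2"; maxretry="$3"
    cat > "$jail" <<EOF
[sshd]
enabled  = true
port     = $port
filter   = sshd
logpath  = /var/log/secure
maxretry = $maxretry
findtime = 600
bantime  = 3600
EOF
}

# Demo on a constructed sample config (a temporary file, not a real server).
demo() {
    sample="$(mktemp)"
    cat > "$sample" <<'EOF'
Port 2222
#PasswordAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
EOF
    harden_sshd_config "$sample"
    echo "--- hardened sshd_config ---"
    cat "$sample"
    echo "PasswordAuthentication resolves to: $(sshd_setting "$sample" PasswordAuthentication)"
    jail="$(mktemp)"
    write_fail2ban_jail "$jail" "$(sshd_setting "$sample" Port)" 3
    echo "--- fail2ban jail.local ---"
    cat "$jail"
    rm -f "$sample" "$jail"
}

demo
```

On a real host, copy `/etc/ssh/sshd_config` aside, run `harden_sshd_config` on the copy, validate it with `sshd -t -f <copy>`, and only then install it and reload sshd from a session that already has a working key, so a typo cannot lock you out. The jail fragment belongs in `/etc/fail2ban/jail.local`; its `port` should match whatever the sshd `Port` directive says, which is why the demo reads it back from the hardened config rather than assuming 22.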