I guess the real concern is how they managed to log in in the first
place.

Work out how they snooped your root password. Your bigger worry is all the other machines you're using, not the one which you know has had it.

They may not have snooped the password.

Nick - what version of sshd are you running?

I recently saw a box that was running an earlier version of sshd (3.71p) and had been exploited. The exploiter had written a very simple shell script that he was using on the exploited machine. The script polled ranges of IPs on port 22 grepping out just the SSH header string & logging it - there is obviously an easy exploit on earlier versions of sshd without needing to know any passwords...

I guess the bottom line in that instance is always keep internet-facing services up to date!

Regards,
Pete
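
A defender-side view of the banner sweep described in the message above, as an added example that is not part of the original thread: sshd logs "Did not receive identification string from ..." when a client connects, reads the server's header string and disconnects, so one source producing that line on several machines indicates a sweep. The log lines are constructed, and the function name `banner_probe_sources` and its `min_hosts` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of an sshd auth log (not from the thread).
SAMPLE_LOG = """\
Mar  3 02:14:07 web1 sshd[4101]: Did not receive identification string from 198.51.100.23
Mar  3 02:14:09 web2 sshd[2210]: Did not receive identification string from 198.51.100.23
Mar  3 02:14:11 db1 sshd[991]: Did not receive identification string from 198.51.100.23 port 40112
Mar  3 02:20:45 web1 sshd[4120]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Mar  3 03:02:31 web1 sshd[4188]: Did not receive identification string from 203.0.113.5
"""

# sshd writes this message when a client connects, receives the server
# banner and closes without sending its own identification string.
PROBE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Did not receive identification string from (?P<src>\S+)"
)


def banner_probe_sources(log_text, min_hosts=2):
    """Return {source_ip: sorted list of hosts probed} for sources that
    touched at least min_hosts distinct machines (a sweep rather than a
    single stray connection)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = PROBE_RE.match(line)
        if m:
            seen[m.group("src")].add(m.group("host"))
    return {src: sorted(hosts) for src, hosts in seen.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for src, hosts in banner_probe_sources(SAMPLE_LOG).items():
        print(f"{src} probed sshd on {len(hosts)} hosts: {', '.join(hosts)}")
```

Run it over the collected auth logs of all machines at once; the per-host view alone cannot distinguish a sweep from a dropped connection.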
