Have had an interesting attack from what my ISP says is a 'known' source, which was made through the remote desktop to the RD server.

Password is rdvnc and I have never managed to figure out how to change it. Anyway, this attacker logged in and managed to load some code which has hijacked the root account, then modified the crontab to run a program which the attacker attempted to install but failed, because CentOS on the appliance CD is missing a few files and the attacker was unable to install them from the repository. I have seen the missing file message before, but since everything is working I have ignored it.

Not sure how long this all took, but discovered an open console window on the server with a complete track of events, and log files on the VNC server indicate this happened over some considerable time.

root has lost the ability to ls but can do most everything else. Minor inconvenience bringing backup system on line, and now working on securing the remote desktop so that it is port shifted, and hopefully we can add another layer of firewall security.

First problem in four years despite constant polling by various parties for open ports on the broadband box. They had found the SSH port shifted from 22 but the passwords held firm. My fault for leaving this open.

There may be other appliance users who have left VNC ports open and the default password just waiting for a visit from this pia.

I have looked at the VNC password howto but it is not working for me... or I am looking in the wrong place.

Robert Jeffares
Big Valley Radio
Thames New Zealand

_______________________________________________
Rivendell-dev mailing list
[email protected]
http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev
