Best approach is not to use passwords - SSH keys are simple to set up and you can disable password authentication in sshd, which makes your system practically uncrackable.
Fail2ban is also an excellent program to run - it will automatically block in iptables anything that fails to log in more than a few times, which stops most automated bots.

Cheers,
James Harrison

On 25/11/2012 19:45, Robert Jeffares wrote:
> have had an interesting attack from what my isp says is a 'known'
> source which was made through the remote desktop to the RD server.
>
> password is rdvnc and I have never managed to figure out how to
> change it
>
> anyway this attacker logged in and managed to load some code which
> has hijacked the root account, then modified the crontab to run a
> program which the attacker attempted to install but failed because
> CentOS on the appliance CD is missing a few files and the attacker
> was unable to install them from the repository. I have seen the
> missing file message before but since everything is working I have
> ignored it.
>
> Not sure how long this all took but discovered an open console
> window on the server with a complete track of events and log files
> on the vnc server indicate this happened over some considerable
> time.
>
> root has lost the ability to ls but can do most everything else
>
> Minor inconvenience bringing backup system on line, and now working
> on securing the remote desktop so that it is port shifted and
> hopefully we can add another layer of firewall security.
>
> First problem in four years despite constant polling by various
> parties for open ports on the broadband box. They had found the
> ssh port shifted from 22 but the passwords held firm.
>
> My fault for leaving this open.
>
> There may be other appliance users who have left vnc ports open
> and the default password just waiting for a visit from this pia.
>
> I have looked at the vnc password howto but it is not working for
> me .. or I am looking in the wrong place..
>
> Robert Jeffares
> Big Valley Radio
> Thames New Zealand
> _______________________________________________
> Rivendell-dev mailing list
> [email protected]
> http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev
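
One way to confirm that password logins are really off after disabling password authentication in sshd, as the reply above suggests (an added example, not part of the original thread). It assumes a single sshd_config with no Include directives, checks only the global section before any Match block, and runs on constructed sample configs; sshd keeps the first value it reads for a keyword, so a later `PasswordAuthentication no` does not override an earlier `yes`.

```python
# Added example: audit sshd_config text for logins that still accept a password.
# Values OpenSSH uses when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older releases use this name for the keyboard-interactive switch.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_global(config_text):
    """Return the value sshd would use for each keyword outside Match blocks."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # assumption: conditional Match blocks are reviewed separately
        if key in DEFAULTS and len(parts) > 1:
            seen.setdefault(key, parts[1].lower())  # first value wins
    return {**DEFAULTS, **seen}

def password_login_findings(config_text):
    """List the reasons a password could still be accepted, or a lockout risk."""
    eff = effective_global(config_text)
    findings = []
    if eff["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if eff["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive is not 'no' (PAM can prompt for a password)")
    if eff["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off; key logins would fail")
    return findings

# Constructed samples. In SHADOWED the later "no" is ignored by sshd.
SHADOWED = """PasswordAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
"""
HARDENED = """PubkeyAuthentication yes
PasswordAuthentication=no
KbdInteractiveAuthentication no
"""

if __name__ == "__main__":
    for name, text in (("SHADOWED", SHADOWED), ("HARDENED", HARDENED)):
        print(name, password_login_findings(text) or "password logins are off")
```

On a live host, `sshd -T` prints the configuration the daemon will actually use and is the authoritative check.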
