Vince Weaver wrote:
Just wanted to add a "me too" story...
A machine I maintain also was broken into this summer by brute forcing
ssh accounts. (Stupid me, I set up a "test" account with an easy
password when doing testing and forgot to take it down when I put it
on the network).
They got into the test account, but my system was up to date
patch-wise, so they didn't manage to get root as far as I could tell, but
they did run an IRC bot which is how I found out about it.
The attacker in my case was from Europe. But we have users of the
system from Europe, so the solution is stronger passwords, not
blocking IPs.
You know, this makes me think that the default shell for secure systems
should be some other restricted shell than bash. I'm surprised distros
don't implement this automatically, making root explicitly change the
shell as needed.