On Wed, Sep 14, 2005 at 10:32:59AM -0400, Don Schmadel wrote:
> Several months ago my machine was compromised through ssh by a system in
> the Netherlands. They gained access through a user with an easy password
> and then used "su" along with an enormous list of password combinations
> to get root access. Finally they installed a "root kit" which caused my
> machine to attempt to compromise others.
>
> The only way to be safe is to:
>
> 1) carefully check your ssh config file to make sure that "admin", "test",
> and similar users do not have access
>
> 2) use long (more than 8 characters), very random passwords. "root kits"
> contain entire dictionaries which they use for sample passwords.
>
> 3) put any sensitive info on an encrypted partition and demount it
> when you are not accessing it.
>
> With "root kits" attacks can come from your nearest neighbor, so
> blocking is of little use.
Something else that is useful is to regularly run John the Ripper (http://www.openwall.com/john/) or similar on your password file to make sure that users are picking good passwords. Having poor passwords creates all kinds of problems (as I guess you found out ;-( ).

- Rob
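An added example, not part of this thread, showing the detection side of the incident Don describes: a small Python script that scans auth-log lines for password guessing over ssh against throwaway accounts such as "admin" and "test", a successful login from the same source after those failures, and a run of failed "su" attempts to root. The log lines, hostname, addresses and thresholds are constructed for the example; the message formats follow OpenSSH and su syslog output.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH / su syslog format (not real logs).
SAMPLE_LOG = """\
Sep 14 09:01:02 host sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 40210 ssh2
Sep 14 09:01:04 host sshd[2103]: Failed password for invalid user test from 198.51.100.7 port 40212 ssh2
Sep 14 09:01:06 host sshd[2105]: Failed password for guest from 198.51.100.7 port 40214 ssh2
Sep 14 09:01:09 host sshd[2107]: Accepted password for guest from 198.51.100.7 port 40216 ssh2
Sep 14 09:02:11 host su[2140]: FAILED SU (to root) guest on pts/0
Sep 14 09:02:12 host su[2141]: FAILED SU (to root) guest on pts/0
Sep 14 09:02:13 host su[2142]: FAILED SU (to root) guest on pts/0
Sep 14 09:30:00 host sshd[2200]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Sep 14 09:31:00 host su[2210]: FAILED SU (to root) alice on pts/1
"""

SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
SSH_OK = re.compile(r"sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")
SU_FAIL = re.compile(r"su\[\d+\]: FAILED SU \(to (\S+)\) (\S+) on")

def analyse(log_text, ssh_threshold=3, su_threshold=3):
    """Return a list of findings: sources guessing passwords over ssh,
    logins that succeeded after failures from the same source, and
    users repeatedly failing 'su' to root (the escalation step)."""
    ssh_failures = Counter()            # source address -> failed password count
    users_tried = defaultdict(set)      # source address -> usernames attempted
    su_failures = Counter()             # username -> failed su-to-root count
    findings = []
    for line in log_text.splitlines():
        if m := SSH_FAIL.search(line):
            user, src = m.groups()
            ssh_failures[src] += 1
            users_tried[src].add(user)
        elif m := SSH_OK.search(line):
            user, src = m.groups()
            if ssh_failures[src]:        # success right after guessing: likely weak password
                findings.append(("login-after-guessing", src, user))
        elif m := SU_FAIL.search(line):
            target, user = m.groups()
            if target == "root":
                su_failures[user] += 1
    for src, n in ssh_failures.items():
        if n >= ssh_threshold:
            findings.append(("ssh-guessing", src, sorted(users_tried[src])))
    for user, n in su_failures.items():
        if n >= su_threshold:
            findings.append(("su-root-guessing", user, n))
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(*finding)
```

Feed it `/var/log/auth.log` (or `/var/log/secure`) instead of the sample text to check a real host; a "login-after-guessing" hit is the account whose password needs changing first.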
