>> Caveats such as weak passwords, open ports and advertising insecure services
>> are the domain of poor administration and understanding - they are not
>> Operating System dependent.
>>
>> Exempting organised spam gangs and their infrastructure, it's probably fair
>> to say that most of the spam I see has come from a mule Windo$e box. I'll
>> worry about Linux Desktop Botnets when I see it happening :-)
>>

Hi,
maybe you should see it... :(

During the last month I recorded 1993 distinct IPs that were participating in a distributed ssh attack - some of them changed, disappeared, and came back after a while, so they seem to be mostly static addresses.

Starting Nov 1st, I implemented p0f on the server. Out of the login attempts coming from this fairly huge amount of bots, a total of 4 events were attributed to Windows XP and W98, and a small percentage was classified as unknown by p0f (these could be some special routers / gateways).

Where IPs looked like machines in a computer center, I occasionally had a closer look and found newly created sites, machines perhaps not intended to run a plain webserver at all, and sites inviting to log into plesk / confixx / whatever.

One admin admitted that they were hacked through login guest / pass guest.

Wolfgang
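
Added example, not part of the original thread: one way to produce the kind of tally described in the reply above, by joining failed sshd logins with p0f OS guesses per distinct source IP. The log lines are constructed, and the p0f layout (p0f 3.x style `key=value` fields separated by `|`, `???` for an unclassified OS) and all function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample logs (documentation address ranges), not data from the thread.
SSHD_LOG = """\
Nov  2 03:14:07 host sshd[811]: Failed password for invalid user guest from 192.0.2.10 port 40022 ssh2
Nov  2 03:14:09 host sshd[812]: Failed password for root from 198.51.100.7 port 51514 ssh2
Nov  2 03:15:41 host sshd[815]: Failed password for invalid user admin from 192.0.2.10 port 40031 ssh2
Nov  2 03:16:02 host sshd[818]: Failed password for root from 203.0.113.99 port 1177 ssh2
Nov  2 03:17:30 host sshd[820]: Accepted publickey for alice from 192.0.2.200 port 50000 ssh2
Nov  2 03:18:11 host sshd[822]: Failed password for invalid user test from 198.51.100.44 port 2201 ssh2
Nov  2 03:19:55 host sshd[825]: Failed password for root from 203.0.113.5 port 3344 ssh2
"""
# Assumed layout: p0f 3.x style log, pipe-delimited key=value fields (constructed lines).
P0F_LOG = """\
[2012/11/02 03:14:06] mod=syn|cli=192.0.2.10/40022|srv=192.0.2.1/22|subj=cli|os=Linux 2.6.x
[2012/11/02 03:14:08] mod=syn|cli=198.51.100.7/51514|srv=192.0.2.1/22|subj=cli|os=Linux 2.4.x
[2012/11/02 03:16:01] mod=syn|cli=203.0.113.99/1177|srv=192.0.2.1/22|subj=cli|os=Windows XP
[2012/11/02 03:17:29] mod=syn|cli=192.0.2.200/50000|srv=192.0.2.1/22|subj=cli|os=Linux 3.x
[2012/11/02 03:18:10] mod=syn|cli=198.51.100.44/2201|srv=192.0.2.1/22|subj=cli|os=???
"""
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def failed_ips(sshd_log):
    """Distinct source addresses with at least one failed password login."""
    return {m.group(1) for m in FAILED.finditer(sshd_log)}

def p0f_os_by_ip(p0f_log):
    """Map client IP -> last OS label p0f assigned to that client's SYN packets."""
    os_by_ip = {}
    for line in p0f_log.splitlines():
        body = line.split("] ", 1)[-1]          # drop the leading timestamp
        fields = dict(kv.split("=", 1) for kv in body.split("|") if "=" in kv)
        if fields.get("mod") == "syn" and fields.get("subj") == "cli" and {"cli", "os"} <= fields.keys():
            os_by_ip[fields["cli"].rsplit("/", 1)[0]] = fields["os"]
    return os_by_ip

def family(label):
    """Collapse a p0f label to an OS family, keeping both 'don't know' cases apart."""
    if label is None:
        return "no fingerprint"                  # attacking IP never seen by p0f
    return "unknown" if label == "???" else label.split()[0]

def tally(sshd_log, p0f_log):
    """Count distinct attacking IPs (not attempts) per OS family."""
    os_by_ip = p0f_os_by_ip(p0f_log)
    return Counter(family(os_by_ip.get(ip)) for ip in failed_ips(sshd_log))

print(tally(SSHD_LOG, P0F_LOG))
```

Counting per distinct IP rather than per attempt keeps one noisy host from skewing the OS breakdown, and hosts that only logged in successfully are excluded.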