[lug] Hacked SSH Daemon
George Sexton
gsexton at mhsoftware.com
Sat Sep 8 21:19:22 MDT 2007
Carl Hamlin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> George Sexton wrote:
>> I think a machine that I admin has been hacked.
>
> Quick question:
>
> Does this seem like a joyriding expedition, or was there objectively
> valuable data on the machine?
It was a mail server for a client. Probably a bunch of boring contracts
and technical reports.
There's no evidence that once they put the hacked ssh daemon in place
they did anything more. The hack was pretty bad, and kept the ssh daemon
from auto-starting, so it was hardly ever available anyhow.
--
George Sexton
MH Software, Inc.
Voice: +1 303 438 9585
URL: http://www.mhsoftware.com/
More information about the LUG
mailing list