Re: [botnets] mech config captured today
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]

he? .. I really didn't understand. My English is so poor on essays ;(

b

J. Oquendo wrote:
> bodik wrote:
>> yes, it was a ssh bruteforce. user installed oracle client recently, and forgot to change a password ;(( it was oracle:oracle
>
> After all this time I don't know how come stupid administrators are given access to administrate machines. How hard can it be to block in all (iptables, ipfw, ipf, etc) to ssh minus the ones that need access. It boggles me. How hard was it to find and install something easily found on the Internet (ossec) to mitigate against this? About 1 minute ./install
>
> Some of these compromised businesses need to start giving idiot admins the boot. Sorry if it's off-topic, harsh, etc., but man, experience, training, common sense sure go a long way.
>
> J. Oquendo
> SGFA (FW+VPN v4.1)
> SGFE (FW+VPN v4.1)
>
> "I hear much of people's calling out to punish the guilty, but very few are concerned to clear the innocent." Daniel Defoe
>
> http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xF684C42E

___
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
Re: [botnets] mech config captured today
Just taking a wild stab in the dark, I'd bet on SSH brute force. A number of groups on Undernet (Romanian ones especially) are known to SSH brute force attack boxes and then install mech and put up a bunch of clones in an IRC channel from the box.

Here's a nice example of the classic scenario (sometimes it's more automated though):

http://lists.virus.org/dshield-0407/msg00193.html

Steven

On Fri, 16 Nov 2007 12:08:49 -0500, Adriel Desautels [EMAIL PROTECTED] wrote:
Re: [botnets] mech config captured today
bodik wrote:
> yes, it was a ssh bruteforce. user installed oracle client recently, and forgot to change a password ;(( it was oracle:oracle

After all this time I don't know how come stupid administrators are given access to administrate machines. How hard can it be to block in all (iptables, ipfw, ipf, etc) to ssh minus the ones that need access. It boggles me. How hard was it to find and install something easily found on the Internet (ossec) to mitigate against this? About 1 minute ./install

Some of these compromised businesses need to start giving idiot admins the boot. Sorry if it's off-topic, harsh, etc., but man, experience, training, common sense sure go a long way.

J. Oquendo
SGFA (FW+VPN v4.1)
SGFE (FW+VPN v4.1)

"I hear much of people's calling out to punish the guilty, but very few are concerned to clear the innocent." Daniel Defoe

http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xF684C42E
Re: [botnets] mech config captured today
yes, it was a ssh bruteforce. user installed oracle client recently, and forgot to change a password ;(( it was oracle:oracle

bodik

Adriel Desautels wrote:
> How did they get in?
>
> Regards,
> Adriel T. Desautels
>
>> access was gained by very very weak password, and standard procedure comes, download bot, ssh cracker, spam tool ...