Re: [CentOS] Linux malware attack

2014-03-28 Thread Warren Young
On 3/25/2014 10:38, Les Mikesell wrote: > On Fri, Mar 21, 2014 at 4:18 PM, wrote: >>> >>> #5 (non-standard port) is very useful. >> >> Huh! That's the *only* rationale I've ever heard for security through >> obscurity that actually makes sense. > > It's all obscurity even if you think you can cal

Re: [CentOS] Linux malware attack

2014-03-25 Thread Les Mikesell
On Fri, Mar 21, 2014 at 4:18 PM, wrote: >> >> #5 (non-standard port) is very useful. Not for protecting yourself >> against attack, but from not having your log files fill up with all of >> the automated attack scripts. Which makes it easier to spot the more >> serious attackers who have taken

Re: [CentOS] Linux malware attack

2014-03-21 Thread m . roth
Thomas Harold wrote: > On 3/19/2014 2:50 PM, Ned Slider wrote: >> >> Just to add, I'm sure everyone has already read and implemented many of >> the suggestions here: >> >> http://wiki.centos.org/HowTos/Network/SecuringSSH >> >> Numbers 2 and 7 have already been highlighted in this thread. > > #1 Th

Re: [CentOS] Linux malware attack

2014-03-21 Thread Thomas Harold
On 3/19/2014 2:50 PM, Ned Slider wrote: > > Just to add, I'm sure everyone has already read and implemented many of > the suggestions here: > > http://wiki.centos.org/HowTos/Network/SecuringSSH > > Numbers 2 and 7 have already been highlighted in this thread. > #1 These days I would say that

Re: [CentOS] Linux malware attack

2014-03-20 Thread SilverTip257
On Thu, Mar 20, 2014 at 8:43 AM, Timothy Murphy wrote: > Johnny Hughes wrote: > > > If you look at page 66 of the PDF, it tells you how to not get infected > > ... don't allow root logins and don't use passwords. > > Thanks very much for your prompt response. > > I was slightly surprised to see t

Re: [CentOS] Linux malware attack

2014-03-20 Thread Timothy Murphy
Johnny Hughes wrote: > If you look at page 66 of the PDF, it tells you how to not get infected > ... don't allow root logins and don't use passwords. Thanks very much for your prompt response. I was slightly surprised to see that PermitRootLogin seems to be set to Yes by default on CentOS (and a

Re: [CentOS] Linux malware attack

2014-03-19 Thread Ned Slider
On 19/03/14 18:31, EGO.II-1 wrote: > > On 03/19/2014 02:21 PM, Johnny Hughes wrote: >> On 03/19/2014 12:39 PM, EGO.II-1 wrote: >>> On 03/19/2014 01:35 PM, Mike McCarthy wrote: Linux server attacks are nothing new. 14 years ago I was installing a server, Red Hat 7 I think, and in the hour

Re: [CentOS] Linux malware attack

2014-03-19 Thread Lists
On 03/19/2014 10:35 AM, Mike McCarthy wrote: > Years ago I moved sshd off port 22, disabled password logins and use > certificates after noticing my logs filling up with numerous daily > attempts at hacking into sshd. > Not only do I not use port 22, no passwords, and keys with passphrases, the p

Re: [CentOS] Linux malware attack

2014-03-19 Thread EGO.II-1
On 03/19/2014 02:21 PM, Johnny Hughes wrote: > On 03/19/2014 12:39 PM, EGO.II-1 wrote: >> On 03/19/2014 01:35 PM, Mike McCarthy wrote: >>> Linux server attacks are nothing new. 14 years ago I was installing a >>> server, Red Hat 7 I think, and in the hour or so after I installed it to >>> the time

Re: [CentOS] Linux malware attack

2014-03-19 Thread Johnny Hughes
On 03/19/2014 12:39 PM, EGO.II-1 wrote: > On 03/19/2014 01:35 PM, Mike McCarthy wrote: >> Linux server attacks are nothing new. 14 years ago I was installing a >> server, Red Hat 7 I think, and in the hour or so after I installed it to >> the time I applied the patches it was infected with an Apach

Re: [CentOS] Linux malware attack

2014-03-19 Thread EGO.II-1
On 03/19/2014 01:35 PM, Mike McCarthy wrote: > Linux server attacks are nothing new. 14 years ago I was installing a > server, Red Hat 7 I think, and in the hour or so after I installed it to > the time I applied the patches it was infected with an Apache ssl trojan. > > Years ago I moved sshd off

Re: [CentOS] Linux malware attack

2014-03-19 Thread Mike McCarthy
Linux server attacks are nothing new. 14 years ago I was installing a server, Red Hat 7 I think, and in the hour or so after I installed it to the time I applied the patches it was infected with an Apache ssl trojan. Years ago I moved sshd off port 22, disabled password logins and use certificates

Re: [CentOS] Linux malware attack

2014-03-19 Thread Johnny Hughes
On 03/19/2014 11:22 AM, Steve Clark wrote: > On 03/19/2014 12:11 PM, SilverTip257 wrote: >> On Wed, Mar 19, 2014 at 10:01 AM, Johnny Hughes wrote: >> >>> On 03/19/2014 08:50 AM, Timothy Murphy wrote: SlashDot had an article today on a Linux server malware attack, < >>> http://it.slashdot

Re: [CentOS] Linux malware attack

2014-03-19 Thread John Doe
From: Steve Clark
> I didn't see anything about how the machines got infected. Did I miss
> something?

From what I understood, it is no brand new vulnerability... It is just bad guys who simply got some servers logins/passwds and installed their malware...

JD

Re: [CentOS] Linux malware attack

2014-03-19 Thread Steve Clark
On 03/19/2014 12:11 PM, SilverTip257 wrote: > On Wed, Mar 19, 2014 at 10:01 AM, Johnny Hughes wrote: > >> On 03/19/2014 08:50 AM, Timothy Murphy wrote: >>> SlashDot had an article today on a Linux server malware attack, >>> < >> http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected

Re: [CentOS] Linux malware attack

2014-03-19 Thread SilverTip257
On Wed, Mar 19, 2014 at 10:01 AM, Johnny Hughes wrote: > On 03/19/2014 08:50 AM, Timothy Murphy wrote: > > SlashDot had an article today on a Linux server malware attack, > > < > http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-linuxunix-servers > >. > > > > I wonder if

Re: [CentOS] Linux malware attack

2014-03-19 Thread Johnny Hughes
On 03/19/2014 09:01 AM, Johnny Hughes wrote: > On 03/19/2014 08:50 AM, Timothy Murphy wrote: >> SlashDot had an article today on a Linux server malware attack, >> . >> >> I wonder if there is a simple tes

Re: [CentOS] Linux malware attack

2014-03-19 Thread Johnny Hughes
On 03/19/2014 08:50 AM, Timothy Murphy wrote: > SlashDot had an article today on a Linux server malware attack, > . > > I wonder if there is a simple test to see if a CentOS machine > has been infected in

[CentOS] Linux malware attack

2014-03-19 Thread Timothy Murphy
SlashDot had an article today on a Linux server malware attack, . I wonder if there is a simple test to see if a CentOS machine has been infected in this way? The article mentions Yara and Snort rules t