Re: How could this account have been cracked?



On 2006-09-25, robb@xxxxxxx <robb@xxxxxxx> wrote:
> I personally created an account with a somewhat uncommon spelling of a
> name. I told no one about this account. I personally only once logged
> into it from the console in my private office running KDE in order to
> test it. It's possible I gave it a weak password. (I've since
> forgotten it.)

Can you clarify on the meaning of 'console'? Do you mean you logged in
to the compromised machine remotely from a box in your office, or do you
mean that you logged into the compromised machine via /its/ console (ie
not remotely)?

> Only seven days later, "last" shows someone ssh'ing into the account.
> Inspection shows that this person really knew what they were doing -
> attempting to install a rootkit, setting up a spam process, etc.

Arguably, that sounds like there was no 'person' involved, just an ssh
bot.

--
Ian Kilgore
echo "pfxz@xxxxxxxx" | tr pzfwxt ikagno