Re: hacked through ssh

From: John (
Date: 03/10/04

Date: 10 Mar 2004 06:43:21 -0800

(Darren Tucker) wrote in message news:<c2m9lm$7k3$>...
> In article <>,
> John <> wrote:
> >I've got a D2D backup appliance that came preinstalled with a version
> >of RH Linux. Not sure which version. However I am sure that it is
> >running OpenSSH_3.1p1.
> [...]
> >I'm 99% convinced (from searching Google for half a day) that this was
> >due to the old version of OpenSSH and the fact that I had SSH open up
> >to the outside world. But I have not encountered any real proof that
> >what I'm looking at came from those mistakes.
> That version of OpenSSH did have an exploitable problem in some
> configurations (unless it was patched by the vendor):

Yes, I'm aware of the exploitable problem. That's why I'm 99%
convinced that that was the problem. However, I'm still looking for
that definitive proof that that is how the bot or whatever made its
way into the system.

I found a post on a Bulgarian Linux website that quotes the exact same
junk that I saw in my rc.sysinit. Unfortunately, the only thing on the
post that makes any sense to me is the script code I already
recognize... The posts (including the followup that probably has what
I'm looking for) are all in Bulgarian. :)

