Wilders Security Forums  

#1
ronjor (Global Moderator)
August 12th, 2010, 10:00 AM
Botnet attacks SSH servers

Quote:
According to a number of reports (here and here), the dd_ssh bot is currently responsible for an increase in brute force attacks on SSH connections. Botnet herders are apparently injecting the script via a phpMyAdmin vulnerability and using the compromised computers for targeted SSH attacks. The vulnerability is a year old and only affects the outdated phpMyAdmin versions 2.11.x prior to 2.11.9.5 and 3.x prior to 3.1.3.1.
The H Security
#2
Longboard
August 12th, 2010, 06:25 PM
Re: Botnet attacks SSH servers

Linux is not invulnerable..
http://www.esecurityplanet.com/featu...Vulnerable.htm
Not FUD: genuine interest in loopholes
Quote:
For instance, he said he created a Linux kernel exploit system called Enlightenment that ultimately won him some negative interest from the U.S.'s National Security Agency (NSA). According to Spengler, Enlightenment can disable Linux access control policy, including features such as Security-Enhanced Linux (SELinux) and AppArmor -- and in doing so, proves an important point, he said.
Over my head but still some user action required ??

The noted exploit is -well-above my head but certainly being used:
Quote:
an enormous DDOS attack from several IP addresses in China that are all attempting to hit phpmyadmin links to determine what the version is.
This literally brings the server to its knees. Over this past weekend, we saw over 600 thousand connection attempts. It took over 5 hours to firewall all those IP addresses (and I'm sure we got legitimate users too).
http://forums.cpanel.net/f185/attack...in-162302.html
Quote:
Just want to give a heads up to everyone. Over the past 6 hours or so we have seen some script kitty activity that has gotten through phpmyadmin on a few of our servers. The versions of phpmyadmin were not the latest, but not that old either. After getting in, there seems to be your standard ssh brute force attacks that run outgoing scans afterwards.
http://www.directadmin.com/forum/showthread.php?t=37262

Also:
http://www.dslreports.com/forum/r246...in-SSH-Attacks
and
http://www.debian.org/security/2010/dsa-2034
__________________
Don't confuse me with someone who actually knows what they are talking about.
Linux Registered user 469135
Please, support Medecins Sans Frontieres
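
As an added example (not part of the original posts and not phpMyAdmin code), the following checks phpMyAdmin version strings against the affected ranges quoted in the first post. The inventory, host names and result labels are constructed for illustration.

```python
import re

# Fixed releases for the two branches named in the first post's quote:
# 2.11.x prior to 2.11.9.5 and 3.x prior to 3.1.3.1.
FIXED = {(2, 11): (2, 11, 9, 5), (3,): (3, 1, 3, 1)}
_VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+){1,3})(?:[-_.]?(rc|beta|alpha|dev)\d*)?", re.I)


def parse_version(text):
    """Return ((a, b, c, d), is_prerelease), or None if text is not a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    parts += (0,) * (4 - len(parts))  # 3.1.3 compares as 3.1.3.0
    return parts, m.group(2) is not None


def classify(text):
    """Return 'affected', 'not-affected', 'not-listed' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    parts, prerelease = parsed
    for prefix, fixed in FIXED.items():
        if parts[:len(prefix)] == prefix:
            # A release candidate of the fixed version still predates it.
            older = parts < fixed or (parts == fixed and prerelease)
            return "affected" if older else "not-affected"
    return "not-listed"  # branch the quoted text does not mention


# Constructed inventory: hypothetical host name -> reported version string.
SAMPLE_INVENTORY = {
    "web01": "2.11.9.4", "web02": "2.11.9.5", "web03": "3.1.3",
    "web04": "3.1.3.1-rc1", "web05": "3.3.5", "web06": "2.10.3",
    "web07": "n/a",
}


def hosts_to_patch(inventory):
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(f"{host}\t{version}\t{classify(version)}")
```

Hosts reported as "not-listed" or "unknown" need a manual check, since the quoted text only speaks to the 2.11.x and 3.x branches.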
 

All times are GMT -4.