Botnet attacks SSH servers

ronjor · Aug 12, 2010

According to a number of reports (here and here), the dd_ssh bot is currently responsible for an increase in brute force attacks on SSH connections. Botnet herders are apparently injecting the script via a phpMyAdmin vulnerability and using the compromised computers for targeted SSH attacks. The vulnerability is a year old and only affects the outdated phpMyAdmin versions 2.11.x prior to 2.11.9.5 and 3.x prior to 3.1.3.1.
Click to expand...

The H Security

Longboard · Aug 12, 2010

Linux is not invulnerable..
http://www.esecurityplanet.com/feat...Con-Exploits-Show-Why-Linux-Is-Vulnerable.htm
Not FUD: genuine interest in loopholes

For instance, he said he created a Linux kernel exploit system called Enlightenment that ultimately won him some negative interest from the U.S.'s National Security Agency (NSA). According to Spengler, Enlightenment can disable Linux access control policy, including features such as Security-Enhanced Linux (SELinux) and AppArmor -- and in doing so, proves an important point, he said.
Click to expand...

Over my head but still some user action required ??

The noted exploit is -well-above my head but certainly being used:

an enormous DDOS attack from several IP addresses in China that are all attempting to hit phpmyadmin links to determine what the version is.
This literally brings the server to its knees. Over this past weekend, we saw over 600 thousand connection attempts. It took over 5 hours to firewall all those IP addresses (and I'm sure we got legitimate users too).
Click to expand...

http://forums.cpanel.net/f185/attacks-targeting-phpmyadmin-162302.html

Just want to give a heads up to everyone. Over the past 6 hours or so we have seen some script kitty activity that has gotten through phpmyadmin on a few of our servers. The versions of phpmyadmin were not the latest, but not that old either. After getting in, there seems to be your standard ssh brute force attacks that run outgoing scans afterwards.
Click to expand...

http://www.directadmin.com/forum/showthread.php?t=37262

Also:
http://www.dslreports.com/forum/r24640843-Botnet-Trend-phpMyAdmin-SSH-Attacks
and
http://www.debian.org/security/2010/dsa-2034

Log in or Sign up

Botnet attacks SSH servers

ronjor Global Moderator

Longboard Registered Member

Log in or Sign up

Botnet attacks SSH servers

ronjor Global Moderator

Longboard Registered Member

Useful Searches