David Cary Hart Fedora at
Mon Dec 12 20:12:11 UTC 2005

On Mon, 12 Dec 2005 14:57:28 -0500
Chasecreek Systemhouse <chasecreek.systemhouse at> opined:

> On 12/11/05, Craig White <craigwhite at> wrote:
> > > Whats the general removal procedure for this, and better yet, how
> > > did they get in?
> > ----
> > it would seem that ssh, root allowed to login via password would be
> > the magic combination of bad's been so thoroughly
> > discussed on this list as of late.
> About three months ago I reported a box I admin'ed was accessed thru
> DDoS on the ssh access port -- the sshd was hit 90,000 times a hour
> and the attacker gained access.  They didn't get to do much as the box
> had no compiler, no Perl, and was locked up by SELinux.  I made the
> report to both openssh and to the RedHat ssh developers.  I was
> running FC4 with the then current patches up-to-date.
At the risk of being redundant, running the swatch daemon can add these
nitwits to the firewall on the first attempt.
           Eliminate Spam:
          Multi-RBL Check:
            Zombie Graphs:

More information about the fedora-list mailing list