> Further googling indicates that UnixCod is a brute force ssh scanner... what is is odd is that i have fail2ban ruunning ( which blocks IPs after 2 failed attempts) and a 8 letter passwd but i still got hacked.... Hi Marco, Just because the app is an SSH scanner doesn't automatically mean theybroke in through SSH. As has been mentioned a few times the most likely vector ofattack/compromise on your machine was through a app/script of somesort running on your website. Any of the app's you mentioned in anearlier post is suspect in this case. -- Drew "Nothing in life is to be feared. It is only to be understood."--Marie Curie_______________________________________________CentOS mailing listCentOS@xxxxxxxxxxxxxx://lists.centos.org/mailman/listinfo/centos
Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- From: Drew <drew.kay@xxxxxxxxx>
- Date: Wed, 3 Jun 2009 10:38:49 -0700
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <471684.32322.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- References: <12cde01c9e452$ab9d6540$0301a8c0@xxxxxxxxx> <471684.32322.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- References:
- Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- From: Linux Advocate
- Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Prev by Date: Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Next by Date: Removing old kernels
- Previous by thread: Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Next by thread: Re: Centos 5.3 -> Apache - Under Attack ? Oh hell....
- Index(es):
 |