[wplug] Breakin attempts against the nobody account
Jonathan Billings
jsbillings at gmail.com
Mon Mar 28 10:13:12 EST 2005
On Mon, 28 Mar 2005 10:03:36 -0500, Bill Moran <wmoran at potentialtech.com> wrote:
> My question is: Are there systems out there with an unsecured "nobody"
> account by default? Or are there installation profiles that enable the
> "nobody" account?
>
> I'm just curious, since I'm not familiar with any way this would ever
> work.
My guess would be that they aren't trying to break into a server that
had a bad admin who set the "nobody" password, but rather there is
some common script-kiddy script that sets a password for "nobody" to
allow them to log in later, after the cleanup, since someone might not
notice that a password was added.
Jonathan Billings
More information about the wplug
mailing list