[wplug] Breakin attempts against the nobody account

Jonathan Billings jsbillings at gmail.com
Mon Mar 28 10:13:12 EST 2005


On Mon, 28 Mar 2005 10:03:36 -0500, Bill Moran <wmoran at potentialtech.com> wrote:

> My question is: Are there systems out there with an unsecured "nobody"
> account by default?  Or are there installation profiles that enable the
> "nobody" account?
> 
> I'm just curious, since I'm not familiar with any way this would ever
> work.

My guess would be that they aren't trying to break into a server that
had a bad admin who set the "nobody" password, but rather there is
some common script-kiddy script that sets a password for "nobody" to
allow them to log in later, after the cleanup, since someone might not
notice that a password was added.

Jonathan Billings


More information about the wplug mailing list