[wplug] Breakin attempts against the nobody account
Drew from Zhrodague
drew at zhrodague.net
Mon Mar 28 10:19:42 EST 2005
> I'm sure I'm not the only one seeing this. I constantly have jackasses
> trying to ssh in to my server, in the hopes that I've chosen a really
> stupid password for an account. Usually this is against root, and I'm
> guessing such an attack yields a frighteningly high number of successes
> when applied against 1000s of machines.
>
> However, I occasionally see the attempt against other accounts ... last
> night it was against "nobody". This surprises me, as any system I've
> ever seen has the "nobody" account disabled by default, so such an
> approach would be pretty much a waste of time.
>
> My question is: Are there systems out there with an unsecured "nobody"
> account by default? Or are there installation profiles that enable the
> "nobody" account?
>
> I'm just curious, since I'm not familiar with any way this would ever
> work.

I've seen people poking at my box, via ssh over some kind of ipv6
exploit -- I turned it off.

Remember, logs tell all, if you make sure that you are logging.

There are lots of log analyzers out there -- didn't someone post a message
about those? I should really use one, because manually going through logs
is tedious, and usually makes me mad!

I also see people pounding our webserver with bogus pr0n-related
referers.

--
Drew from Zhrodague http://www.WiFiMaps.com
drew at zhrodague.net Location Based WiFi
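
Added example, not part of the original post: a small summarizer for the kind of sshd password-guessing entries discussed in this thread, which counts failures per source and flags attempts against accounts that exist but should never log in, such as "nobody". The log lines are constructed samples in OpenSSH's syslog format; the SERVICE_ACCOUNTS list and the threshold are assumptions to adjust per host.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Mar 28 03:11:02 host sshd[4121]: Failed password for root from 192.0.2.10 port 40112 ssh2
Mar 28 03:11:05 host sshd[4123]: Failed password for root from 192.0.2.10 port 40115 ssh2
Mar 28 03:11:09 host sshd[4125]: Failed password for nobody from 192.0.2.10 port 40120 ssh2
Mar 28 03:11:12 host sshd[4127]: Failed password for illegal user test from 192.0.2.10 port 40123 ssh2
Mar 28 03:12:40 host sshd[4140]: Failed password for invalid user admin from 198.51.100.7 port 51200 ssh2
Mar 28 08:30:01 host sshd[4200]: Accepted password for drew from 203.0.113.5 port 60000 ssh2
Mar 28 09:00:00 host sshd[4300]: Failed password for drew from 203.0.113.5 port 60010 ssh2
"""

# Older OpenSSH releases log "illegal user", newer ones log "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<unknown>(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Accounts that should never log in interactively (assumed list, adjust per host).
SERVICE_ACCOUNTS = {"nobody", "daemon", "bin", "www-data", "mail"}


def summarize(log_text, threshold=3):
    """Count failed sshd password attempts per source and per user name."""
    per_ip = Counter()
    per_user = Counter()
    service_hits = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        per_ip[m["ip"]] += 1
        per_user[m["user"]] += 1
        # No "invalid/illegal user" prefix means the account exists on this host.
        if m["unknown"] is None and m["user"] in SERVICE_ACCOUNTS:
            service_hits.append((m["ip"], m["user"]))
    noisy = {ip: n for ip, n in per_ip.items() if n >= threshold}
    return {"noisy_sources": noisy, "users": dict(per_user),
            "service_account_attempts": service_hits}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```
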