Professional Web Applications Themes

mysql scammer - MySQL

Removed by Administrator...

  1. Moderated Post

    Default mysql scammer

    Removed by Administrator
    KeithGlidewell@gmail.com Guest
    Moderated Post

  2. #2

    Default Re: mysql scammer

    > Just noticed some clown logged into my mysql account and set up a cron 

    MySQL has a shell? Forgive my ignorance, as I am not a linux or unix
    guru, but I would not suspect that you could actually log in as mysql
    with a shell and fool around...

    --
    Willem Bogaerts

    Application smith
    Kratz B.V.
    http://www.kratz.nl/
    Willem Guest

  3. #3

    Default Re: mysql scammer

    Willem Bogaerts wrote: 

    Being paranoid, I just checked a couple of systems here.

    I found one mysql account on a RedHat 9 box, with a password of mysql, and a
    valid shell. rpm -q mysql says "mysql-3.23.41-1"
    Password and shell zapped, I wonder what/who's system I just broke.... (It was
    on some other user's old support system)

    That particular machine is not connected to the internet, but if that is the
    default configuration, there are probably thousands out there.

    Clues for the clueless:
    If you allow telnet access to your machine, you're insane.
    If you allow SSH access to your machine, using passwords, you're insane.

    SSH, if configured to allow connections from outside, should permit access only
    via public/secret keys; That usually means the following in /etc/sshd.conf

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication no

    followed by some ssh-keygen -t rsa on the clients, some copying of .pub files
    into lines in ~user/.ssh/authorized_keys, appropriate permissions set on .ssh
    and .ssh/authorized_keys, and possibly moving the SSH port to somewhere else to
    avoid the log-file-filling brute force password attacks that happen from time to
    time (They wont succeed, but they waste bandwidth and log space).

    (and of course, you need to keep your SSH install up-to-date as there are some
    very hairy security problems in not-too-distant earlier releases)

    Jim Guest

Similar Threads

  1. Replies: 2
    Last Post: February 14th, 10:54 AM
  2. Replies: 1
    Last Post: January 23rd, 12:06 PM
  3. Replies: 0
    Last Post: January 29th, 02:03 PM
  4. Busy Russian scammer
    By Frozen Carp in forum Macromedia Dreamweaver
    Replies: 1
    Last Post: July 15th, 02:37 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139