21 Oct
2004
21 Oct
'04
9:03 p.m.
Perry Lorier wrote:
I have had several people talk to me over the last few days about having their machine compromised. The infection vector appears to be weak ssh passwords. The compromise appears to based on people scanning for open ssh ports then brute forcing passwords before installing a Trojan that connects to IRC and accept commands from a channel (such as .ddos <ip>).
I don't want to be stating something obvious or stupid, but what about running SSH on a high port ? I do that and have VERY little activity. - Drew