![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Well, I just found a good reason to use one's alternate blog: the machine hosting one's main blog gets cracked by k1dd1ez, and you have to pull the machine off the net, and you have no physical access to the machine until Monday, at which time you'll have to reinstall the whole operating system to guarantee a successful exorcism.
Yep, that'll do it.
I am lucky to have both clueful friends and clueless (or perhaps just unmotivated) attackers in this matter. I don't know when the compromise occurred -- I have reason to suspect it happened more than a week ago -- but I started receiving mail from unknown sysadmins last night, saying that they were receiving repeated, failed ssh login attempts originating from my IP. This morning, after I sent out a call for advice, my BOFH buddy Noah found a patched ssh daemon running on an insanely numbered port, and some other service living on port 12345, which I certainly didn't launch.
Since everything else on my machine looks fine, the blackhats didn't seem to do much mischief
outside of using my poor box as a platform for further attacks, and for this I am lucky. However, there's no telling what else they may have accomplished more subtly, so down it all goes.
I guess I needed to be taught a lesson about Internet security, and the lesson could have been much harder -- thanks heavens they didn't touch any of my or my friends' data! However, the timing could have been a lot better, as I have to be moving sometime this week, and that's enough of a timesink in itself. I'm prepared to be without my vanity domain for several days. Sigh.
Yep, that'll do it.
I am lucky to have both clueful friends and clueless (or perhaps just unmotivated) attackers in this matter. I don't know when the compromise occurred -- I have reason to suspect it happened more than a week ago -- but I started receiving mail from unknown sysadmins last night, saying that they were receiving repeated, failed ssh login attempts originating from my IP. This morning, after I sent out a call for advice, my BOFH buddy Noah found a patched ssh daemon running on an insanely numbered port, and some other service living on port 12345, which I certainly didn't launch.
Since everything else on my machine looks fine, the blackhats didn't seem to do much mischief
outside of using my poor box as a platform for further attacks, and for this I am lucky. However, there's no telling what else they may have accomplished more subtly, so down it all goes.
I guess I needed to be taught a lesson about Internet security, and the lesson could have been much harder -- thanks heavens they didn't touch any of my or my friends' data! However, the timing could have been a lot better, as I have to be moving sometime this week, and that's enough of a timesink in itself. I'm prepared to be without my vanity domain for several days. Sigh.
