On 2016-10-25 12:46, Johnny Billquist wrote:
But it's hilarious to watch from RSX, how the script-kiddies try and try...
For a while I had a patched up sshd running. I have the ssh config/patches still documented at http://www.eunet.it/tac8.html but never got around to writing up the rest. tl;dr: a root logon with any password seamlessly drops you into a 4.3BSD root shell. I thought hilarity would ensue.
A few observations.

Back then it was mostly China.

Some of the more clever botnets would start their brute force password attempts with a long random password, probably to detect exactly what I was doing, running a honeypot.

A large number of attempts to wget/curl a rootkit once in. Probably scripted or copy/paste, but the lack of any follow up commands was telling.

I had it up for about a year and nobody ever ruined the box. Actually, only 2 people ever interactively explored the system.