Darn Annoying Hackers...
Well, I'll be the first person to admit I'm not perfect, and I found that out really quickly when we were hacked severely over the weekend. My biggest mistake was using the same two passwords all over a bunch of assorted Linux boxes I use around the Internet, and my second mistake was overusing 'sudo' and giving myself too much access based on two very good and cryptic passwords. Sure they were good passwords, but once someone has captured those two passwords (through a compromised ssh client or sshd server no doubt), they had root access all over the place. So now I have changed passwords everywhere, patched assorted systems with clean binaries (why are we still using Red Hat 9 on some boxes?) and removed access to many domains and simply turned off sshd on several systems that really did not need it (Did I really need to ssh into my iMac?). What a fun time this has been, all because a few people somewhere thought they needed to run psyBNC bouncer somewhere and also scan half the internet for some open anonymous FTP servers. Why do these people do this? Is this their idea of fun? Don't they realize with their knowledge they could actually be earning real money somewhere instead of just giving other people grief? Then they could buy their own dedicated or "virtual private" server somewhere (they're cheap!) and install anything they feel like on it! That way their psyBNC bouncer could stay up and running for months or years instead of just until some random sysadmin shuts it down.
Comments