Site BLOG PAGE🔎 SEARCH  Ξ INDEX  MAIN MENU  UP ONE LEVEL
 OJB's Web Site. Version 2.1. Blog Page.You are here: entry300 blog owen2 
Blog

Add a Comment   Up to OJB's Blog List

Not a Good Week

Entry 300, on 2006-03-17 at 17:10:59 (Rating 1, Computers)

This has not been one of my better weeks at work. Things have gone from bad to worse in relation to the security problems on my servers. It now turns out that two of my machines have been compromised. But at least there hasn't been a repeat of the DoS attack of the beginning of the week.

After doing some research on the Internet and on the affected computer, it turns out that the machine was initially compromised by a brute force attack on SSH. In other words, the group attacking the computer just hit it with passwords until they got the right one. They had a program to send the passwords of course, not just a bunch of continuously typing hackers!

It seems that there was no specific weakness in Mac OS X Server. Any service relying on passwords for authentication is potentially open to this sort of attack, I just didn't use secure enough passwords. Most likely it was not my administration accounts which were used, but accounts of users on the servers. Unfortunately the system allocates new users SSH access automatically when they are added. I know I should have disabled that for all users who didn't need it. Many things are obvious with hindsight!

Well, at least I think I understand the mechanism of the attack. A brute force attack looks for passwords on servers running SSH - it would also work for standard Mac OS X with SSH (Remote Login) on with international access through the firewall, or any other OS with a remote login system. Then an IRC server is installed using the compromised account. While IRC is used the machine would continue to work normally. Finally, sometimes a disagreement on an IRC channel running on the server results in the launch of a DoS attack to disable the machine.

I now use passwords so obscure even I don't know what they are! I'll have a few hours rebuilding the servers next week. Overall, the whole thing is just a really annoying waste of time, but a lesson about taking security seriously - even on a Mac!


There are no comments for this entry.


You can leave comments about this entry using this form.

Enter your name (optional):
Enter your email address (optional):
Enter the number shown here:number
Enter the comment:

To add a comment: enter a name and email (optional), type the number shown, enter a comment, click Add.
Note that you can leave the name blank if you want to remain anonymous.
Enter your email address to receive notifications of replies and updates to this entry.
The comment should appear immediately because the authorisation system is currently inactive.

I do podcasts too!. You can listen to my latest podcast, here: OJB's Podcast 2024-08-22 Stirring Up Trouble: Let's just get every view out there and fairly debate them..
 Site ©2024 by OJBRSS FeedMicrosoft Free ZoneMade & Served on Mac 
Site Features: Blog RSS Feeds Podcasts Feedback Log04 Nov 2024. Hits: 47,424,911
Description: Blog PageKeywords: BlogLoad Timer: 13ms