| Is LxLabs going crazy or it a 1st of april joke. [message #60825] |
Wed, 01 April 2009 17:58  |
 piplite
Messages: 513
Registered: February 2008
Location: Boston, MA, USA |
Masters |
|
|
So i submitted a question to helpdesk on 30th of march. I figured out the answer to my problem later on the 30th of march too.
But take a look what kind of answer i just recieved
I asked:
Could you please take a look at this problem:
One of vps servers auth log shows that each minute it receives ssh connections from hypervm master server.
auth.log:Mar 30 13:54:49 mano sshd[13575]: Did not receive identification string from x.x.x.x
auth.log:Mar 30 13:55:50 mano sshd[13701]: Did not receive identification string from x.x.x.x
http://forum.lxlabs.com/index.php?t=msg&th=10952&start=0&
And the answer is:
That's just me logging in and raping your entire box.
Something is really wrong.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Is LxLabs going crazy or it a 1st of april joke. [message #60844 is a reply to message #60825] |
Wed, 01 April 2009 19:36  |
clyphox
Messages: 1
Registered: April 2009 |
Member |
|
|
piplite
Apart from the obvious hilarity of this could I suggest that you install DenyHosts on ALL linux/bsd/*nix boxes.. at least any with ssh..
Think of it this way... unless u have SSH limited by KEY and IP with a good firewall behind it... DenyHosts is essential (and recommended anyway)
its a elegant and 100% essential script that does a damn fine job of watching the logs for attempted brute forcing on ssh.
I would have done that LONG before opening a ticket :p
All my machines probably deny aprox 20-40 attempts daily... Its hillarious reviewing my daily log... i used to run ssh on all sorts of fancy ports and stuff before i discovered DenyHosts... anyway, who'd expect it from an internal IP? I dont wanna imagine what the admin password was on this thing roflsticks...
[Updated on: Wed, 01 April 2009 19:41]
|
|
|
|
|
|
|
|
|
|
|
| Re: Is LxLabs going crazy or it a 1st of april joke. [message #60865 is a reply to message #60844] |
Wed, 01 April 2009 20:17 |
Lxhelp
Messages: 23701
Registered: July 2006 |
Masters |
|
|
There was no real hack at all actually.
Somebody logged in via our ticket system, and posted rude messages.
But absolutely nothing else.
On Wed, Apr 01, 2009 at 11:36:31PM -0000, David wrote:
>
>
> piplite
>
> Apart from the obvious hilarity of this could I suggest that you install DenyHosts on ALL linux/bsd/*nix boxes..
>
> its a elegant and 100% essential script that does a damn fine job of watching the logs for attempted brute forcing on ssh.
>
> I would have done that LONG before opening a ticket :p
|
|
|
|
| Re: Is LxLabs going crazy or it a 1st of april joke. [message #60878 is a reply to message #60877] |
Wed, 01 April 2009 20:52 |
Lxhelp
Messages: 23701
Registered: July 2006 |
Masters |
|
|
They had access to the tickets. Yes.
Yes, I am not trying to trivialize the issue. Merely stating that the problem has been properly solved.
thanks.
On Thu, Apr 02, 2009 at 12:48:37AM -0000, aaron@crucialp.com wrote:
>
>
> Lxhelp wrote on Thu, 02 April 2009 11:17
> > There was no real hack at all actually.
> >
> > Somebody logged in via our ticket system, and posted rude messages.
> >
> > But absolutely nothing else.
>
>
> Whether a password is cracked, or they find a back door - that is considered hacked.
>
> Did not they not have access to your entire support desk? I.e. meaning quite a bit of information?
|
|
|
| Re: Is LxLabs going crazy or it a 1st of april joke. [message #60881 is a reply to message #60878] |
Wed, 01 April 2009 20:53 |
Lxhelp
Messages: 23701
Registered: July 2006 |
Masters |
|
|
If you had posted both your login and password via the ticket system, you have to absolutely change it. But that has happened very rarely in our case.
I will send a mass email to everyone.
thanks.
On Thu, Apr 02, 2009 at 11:48:13AM +0530, Lxhelp wrote:
> They had access to the tickets. Yes.
>
> Yes, I am not trying to trivialize the issue. Merely stating that the problem has been properly solved.
>
|
|
|
|
HyperVM & Kloxo Support
Members
Search
Help
Register
Login
Home
