Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Botnet Security IT Linux

The Hail Mary Cloud and the Lessons Learned 99

Posted by timothy
from the not-so-full-of-grace dept.
badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe."
This discussion has been archived. No new comments can be posted.

The Hail Mary Cloud and the Lessons Learned

Comments Filter:
  • by foobar bazbot (3352433) on Saturday October 05, 2013 @01:35PM (#45045957)

    This is about the low-intensity password brute-forcing via ssh that's been going on for years -- the only difference between this and any other password brute-forcing via ssh is that fail2ban and such scripts are ineffective, because the attempts are so low-frequency that it's practically impossible to distinguish them from users fumbling their passwords.

    The simple solution is to disable password authentication for all users, and make them use keys -- this renders you 100% safe from this botnet. If that's infeasible, be damn sure you've disabled password authentication for root (i.e. "PermitRootLogin no" or "PermitRootLogin without-password" if you still want key-based root logins). If you do allow password logins for any or all users, enforce strong password requirements.

  • by Noryungi (70322) on Saturday October 05, 2013 @01:53PM (#45046091) Homepage Journal

    I think this article points to the fact the author is retarded.

    Considering the retarded author in question is someone who is a respected author on OpenBSD ''pf'', firewalls and security in general, I think your answer prove you are the retarded one.

Have you reconsidered a computer career?

Working...