Forgot your password?
typodupeerror
Botnet Security IT Linux

The Hail Mary Cloud and the Lessons Learned 99

Posted by timothy
from the not-so-full-of-grace dept.
badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe."
This discussion has been archived. No new comments can be posted.

The Hail Mary Cloud and the Lessons Learned

Comments Filter:
  • by foobar bazbot (3352433) on Saturday October 05, 2013 @02:35PM (#45045957)

    This is about the low-intensity password brute-forcing via ssh that's been going on for years -- the only difference between this and any other password brute-forcing via ssh is that fail2ban and such scripts are ineffective, because the attempts are so low-frequency that it's practically impossible to distinguish them from users fumbling their passwords.

    The simple solution is to disable password authentication for all users, and make them use keys -- this renders you 100% safe from this botnet. If that's infeasible, be damn sure you've disabled password authentication for root (i.e. "PermitRootLogin no" or "PermitRootLogin without-password" if you still want key-based root logins). If you do allow password logins for any or all users, enforce strong password requirements.

  • by Noryungi (70322) on Saturday October 05, 2013 @02:53PM (#45046091) Homepage Journal

    I think this article points to the fact the author is retarded.

    Considering the retarded author in question is someone who is a respected author on OpenBSD ''pf'', firewalls and security in general, I think your answer prove you are the retarded one.

Wherever you go...There you are. - Buckaroo Banzai

Working...