[Gluster-infra] Slave23 compromised
John Mark Walker
jowalker at redhat.com
Fri Mar 6 15:25:26 UTC 2015
Ugh. Who set up this VM?
-JM
----- Original Message -----
> Le vendredi 06 mars 2015 à 10:18 -0500, John Mark Walker a écrit :
> > Huh. What was running on the VM?
>
> Just jenkins, salt-minion, nginx and the usual stuff.
>
> The attack likely occurred around 9h42 UTC, since that's when the kernel
> log starts to complain about a segfault.
>
> And the way the attacker entered:
>
> Mar 6 09:42:03 slave23 sshd[20045]: reverse mapping checking
> getaddrinfo for 115.114.191.205.static-mumbai.vsnl.net.in
> [115.114.191.205] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 6 09:42:03 slave23 sshd[20045]: Accepted password for root from
> 115.114.191.205 port 52378 ssh2
>
> Case closed.
> I am gonna switch root to be ssh keys only.
> --
> Michael Scherer
> Open Source and Standards, Sysadmin
>
> _______________________________________________
> Gluster-infra mailing list
> Gluster-infra at gluster.org
> http://www.gluster.org/mailman/listinfo/gluster-infra
>
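
A defender-side check built on the sshd entries quoted above, as an added example that is not part of the original thread: it scans auth-log lines for successful password logins as root and records whether the same sshd process also logged the reverse-mapping warning. The function name and every sample line other than the two taken from the message are constructed for illustration.

```python
import re

# Syslog prefix for sshd messages: timestamp, host, sshd PID, message text.
PREFIX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPTED = re.compile(
    r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")
REVERSE_FAIL = re.compile(
    r"^reverse mapping checking getaddrinfo for \S+ \[(?P<ip>[^\]]+)\] failed")

def root_password_logins(lines):
    """Return a finding for each successful password login as root."""
    rdns_failed = set()  # (sshd pid, source ip) pairs with a reverse-mapping failure
    findings = []
    for line in lines:
        p = PREFIX.match(line.strip())
        if not p:
            continue
        rev = REVERSE_FAIL.match(p["msg"])
        if rev:
            rdns_failed.add((p["pid"], rev["ip"]))
            continue
        acc = ACCEPTED.match(p["msg"])
        if acc and acc["user"] == "root" and acc["method"] == "password":
            findings.append({
                "ts": p["ts"], "host": p["host"], "ip": acc["ip"],
                # True when the same sshd process warned about this client's reverse DNS.
                "rdns_failed": (p["pid"], acc["ip"]) in rdns_failed,
            })
    return findings

# The first two entries are the log lines quoted in the message, unwrapped.
# The remaining entries are constructed sample data (documentation address ranges).
SAMPLE = [
    "Mar 6 09:42:03 slave23 sshd[20045]: reverse mapping checking getaddrinfo for "
    "115.114.191.205.static-mumbai.vsnl.net.in [115.114.191.205] failed - "
    "POSSIBLE BREAK-IN ATTEMPT!",
    "Mar 6 09:42:03 slave23 sshd[20045]: Accepted password for root from "
    "115.114.191.205 port 52378 ssh2",
    "Mar 6 09:50:11 slave23 sshd[20101]: Accepted publickey for root from 192.0.2.10 port 40022 ssh2",
    "Mar 6 09:51:40 slave23 sshd[20130]: Accepted password for jenkins from 198.51.100.7 port 51514 ssh2",
    "Mar 6 09:52:02 slave23 sshd[20144]: Failed password for root from 198.51.100.9 port 33310 ssh2",
]

if __name__ == "__main__":
    for finding in root_password_logins(SAMPLE):
        print(finding)
```

Key-based root logins and password logins for other accounts are deliberately not reported, so a non-empty result means root is still reachable by password.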