[App_rpt-users] What is the "debian" user in the DIAL distro?
Steve Passmore
k6kya at hokeynet.net
Wed May 10 19:15:20 UTC 2017
Does anyone know what the user "debian" is used for in the DIAL distro?
I had a node compromised where it appears they guessed the password for
the user debian. I note on other un-compromised nodes there is a
preexisting user "debian" with a password set.
The attacker installed a bitcoin miner, storing their files under
/var/tmp/.new chrootkit reported it as possibly being the Mumblehard
backdoor.
I'd suggest anyone with a DIAL node, at the very least, remove the user
"debian"'s password.
passwd -d debian
Steve, k6kya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20170510/dc360158/attachment.html>
More information about the App_rpt-users
mailing list