[App_rpt-users] What is the "debian" user in the DIAL distro?
Steve Zingman
szingman at msgstor.com
Wed May 10 19:19:00 UTC 2017
That is a leftover "mandated" from above. It will be disabled in the RC.
Steve N4IRS
On 5/10/2017 3:15 PM, Steve Passmore wrote:
> Does anyone know what the user "debian" is used for in the DIAL
> distro? I had a node compromised where it appears they guessed the
> password for the user debian. I note on other un-compromised nodes
> there is a preexisting user "debian" with a password set.
> The attacker installed a bitcoin miner, storing their files under
> /var/tmp/.new chrootkit reported it as possibly being the
> Mumblehard backdoor.
>
> I'd suggest anyone with a DIAL node, at the very least, remove the
> user "debian"'s password.
>
> passwd -d debian
>
> Steve, k6kya
>
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at lists.allstarlink.org
> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
>
> To unsubscribe from this list please visit http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20170510/008b19d5/attachment.html>
More information about the App_rpt-users
mailing list