3 Jun
2009
3 Jun
'09
7:38 p.m.
Further googling indicates that UnixCod is a brute force ssh scanner... what is is odd is that i have fail2ban ruunning ( which blocks IPs after 2 failed attempts) and a 8 letter passwd but i still got hacked....
Hi Marco,
Just because the app is an SSH scanner doesn't automatically mean they broke in through SSH.
As has been mentioned a few times the most likely vector of attack/compromise on your machine was through a app/script of some sort running on your website. Any of the app's you mentioned in an earlier post is suspect in this case.
--
Drew
"Nothing in life is to be feared. It is only to be understood."
--Marie Curie