Drew Weaver wrote:
If they got in via SSH and all they did was deface his website they must be stand-up guys, huh?
Indeed. I try to be reasonably quick about updates, and the occasional short-notice SSH exploit is rather scary.
---
I've found that at least 75-80% of the time when there is a compromise, the "hacker" doesn't have "local" access to the system, meaning a shell. They simply upload a script to /tmp, run it, and that's their damage. If they are getting in via SSH, someone has a bad security policy.
-Drew