[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

Drew drew.kay at gmail.com
Wed Jun 3 17:38:49 UTC 2009

> Further googling indicates that UnixCod  is a brute force ssh scanner... what is is odd is that i have fail2ban ruunning ( which blocks IPs after 2 failed attempts) and a 8 letter passwd but i still got hacked....

Hi Marco,

Just because the app is an SSH scanner doesn't automatically mean they
broke in through SSH.

As has been mentioned a few times the most likely vector of
attack/compromise on your machine was through a app/script of some
sort running on your website. Any of the app's you mentioned in an
earlier post is suspect in this case.


"Nothing in life is to be feared. It is only to be understood."
--Marie Curie

More information about the CentOS mailing list