[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....

Wed Jun 3 17:38:49 UTC 2009
Drew <drew.kay at gmail.com>

> Further googling indicates that UnixCod  is a brute force ssh scanner... what is is odd is that i have fail2ban ruunning ( which blocks IPs after 2 failed attempts) and a 8 letter passwd but i still got hacked....

Hi Marco,

Just because the app is an SSH scanner doesn't automatically mean they
broke in through SSH.

As has been mentioned a few times the most likely vector of
attack/compromise on your machine was through a app/script of some
sort running on your website. Any of the app's you mentioned in an
earlier post is suspect in this case.


-- 
Drew

"Nothing in life is to be feared. It is only to be understood."
--Marie Curie