Les Mikesell wrote: > On Tue, Dec 6, 2011 at 2:18 PM, Karanbir Singh <mail-lists at karan.org> > wrote: >> On 12/06/2011 08:09 PM, Les Mikesell wrote: >>> Any luck on the specific attack path yet? The linked article >>> suggests Centos up to 5.5 was vulnerable. >> >> We dont have access to the actual machines that were broken into - so >> pretty much everything is second hand info. >> >> But based on what we know and what we have been told and what we have >> worked out ourselves as well, its almost certainly bruteforced ssh >> passwords. > > So, coincidence that they were CentOS, and pre-5.6? Did they have > admins in common? Just incompetent ones. I believe I remember a map on the article, and they had one or more in Poland, and some in southeast Asia, etc. mark