In association with heise online

12 August 2010, 13:09

Botnet attacks SSH servers


According to a number of reports, the dd_ssh bot is currently responsible for an increase in brute force attacks on SSH servers. Botnet herders are apparently injecting the script via a phpMyAdmin vulnerability and using the compromised computers for targeted SSH attacks. The vulnerability is a year old and only affects the outdated phpMyAdmin versions 2.11.x prior to 2.11.9.5 and 3.x prior to 3.1.3.1.

By using a large botnet, and therefore a large number of IP addresses, and ensuring that each bot makes only a few login attempts, botnet herders can fly under the radar of filtering solutions, since no individual bot reaches the blocking threshold. The best means of protecting against this kind of attack is the use of a shared blacklist from the cloud that can be automatically imported by a script such as DenyHosts. A secure – even if inconvenient – password remains a basic requirement.

(djwm)
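The evasion described above, and one way to spot it in sshd logs, as an added example that is not part of the original article. The thresholds, the window length, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

# Constructed sample: 12 bots (documentation addresses), two guesses each,
# plus one noisy host that a per-IP filter does catch.
SAMPLE = [f"Aug 12 13:0{i % 10}:{i:02d} host sshd[{4000 + i}]: Failed password "
          f"for root from 198.51.100.{10 + i // 2} port {40000 + i} ssh2"
          for i in range(24)]
SAMPLE += [f"Aug 12 13:05:{30 + i} host sshd[{5000 + i}]: Failed password for "
           f"invalid user admin from 203.0.113.9 port {50000 + i} ssh2"
           for i in range(6)]

def parse(lines, year=2010):
    """Yield (timestamp, user, source_ip) for each failed-password line."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def per_ip_blocks(events, threshold=5):
    """Local filter: block a source once it reaches the threshold (assumed 5)."""
    counts = Counter(ip for _, _, ip in events)
    return {ip for ip, n in counts.items() if n >= threshold}

def distributed_windows(events, window=timedelta(minutes=10),
                        min_sources=8, threshold=5):
    """Flag windows in which many sources each stay below the per-IP threshold."""
    buckets = defaultdict(Counter)
    for ts, _, ip in events:
        start = datetime.min + (ts - datetime.min) // window * window
        buckets[start][ip] += 1
    alerts = []
    for start, counts in sorted(buckets.items()):
        quiet = [ip for ip, n in counts.items() if n < threshold]
        if len(quiet) >= min_sources:
            alerts.append((start, len(quiet), sum(counts[ip] for ip in quiet)))
    return alerts

if __name__ == "__main__":
    events = list(parse(SAMPLE))
    print("blocked per IP:", per_ip_blocks(events))
    print("distributed (window, sources, failures):", distributed_windows(events))
```

The per-IP filter blocks only the single noisy host, while the aggregate view reports the 12 low-rate sources that together made 24 attempts in one window.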

Permalink: http://h-online.com/-1057642
 

