Displaying 20 results from an estimated 3000 matches similar to: "Another Fedora decision"
2015 Feb 05
3
Another Fedora decision
On Thu, February 5, 2015 9:34 am, Always Learning wrote:
>
> On Thu, 2015-02-05 at 09:51 -0500, Lamar Owen wrote:
>
>> On 02/04/2015 07:55 PM, Always Learning wrote:
>> > Rent ? That costs money. Just crack open some Windoze machines and do
>> > it for free. That is what many hackers do.
>>
>> Those crackers who build these botnets are the ones who
2015 Feb 05
0
Another Fedora decision
On Thu, 2015-02-05 at 09:51 -0500, Lamar Owen wrote:
> On 02/04/2015 07:55 PM, Always Learning wrote:
> > Rent ? That costs money. Just crack open some Windoze machines and do
> > it for free. That is what many hackers do.
>
> Those crackers who build these botnets are the ones who rent out botnet
> time to people who just was to get the work done. There is a large
2015 Feb 05
2
Another Fedora decision
> On Feb 4, 2015, at 5:43 PM, Warren Young <wyml at etr-usa.com> wrote:
>
> SSH as shipped on CentOS doesn?t allow 1,000 guesses per second, as this calculator assumes
Hmm, just thought of a counterattack:
If CentOS?s SSH currently allows 10 guesses per minute *per IP*, all you need to do to get 1,000 guesses per second is to rent time on a 6,000 machine botnet.
2015 Feb 05
3
Another Fedora decision
On 02/05/2015 10:34 AM, Always Learning wrote:
> On Thu, 2015-02-05 at 09:51 -0500, Lamar Owen wrote:
>
>> Those crackers who build these botnets are the ones who rent out
>> botnet time to people who just was to get the work done. There is a
>> large market in botnet time.
> Surely its time for the Feds to arrest and change them ?
The Feds in which country?
>
2015 Feb 05
0
Another Fedora decision
On Wed, 2015-02-04 at 17:50 -0700, Warren Young wrote:
> > On Feb 4, 2015, at 5:43 PM, Warren Young <wyml at etr-usa.com> wrote:
> >
> > SSH as shipped on CentOS doesn?t allow 1,000 guesses per second, as this calculator assumes
>
> Hmm, just thought of a counterattack:
>
> If CentOS?s SSH currently allows 10 guesses per minute *per IP*, all you need to do
2015 Feb 05
1
Another Fedora decision
> On Feb 4, 2015, at 5:55 PM, Always Learning <centos at u64.u22.net> wrote:
>
> On Wed, 2015-02-04 at 17:50 -0700, Warren Young wrote:
>
>>> rent time on a 6,000 machine botnet.
>
> Rent ? That costs money. Just crack open some Windoze machines and do
> it for free. That is what many hackers do.
Acquiring your own botnet requires time and effort. Renting
2019 Aug 02
3
[OT] odd network question
On Fri, Aug 02, 2019 at 08:22:06AM +0100, Pete Biggs wrote:
>
> > This is just the first screen of it, there are many more. The data
> > compiled here is for the last month (rsyslog is keeping the current
> > log plus four older logs). I find it disturbing that there were 12251
> > attempts at telnet during that time, 2154 on 8080, and so forth. either
> > I'm
2013 Aug 22
3
Logging passwords on auth failure/dealing with botnets
Hi,
Since upgrading our mail servers to Postfix/Dovecot, we've seen a rather large increase in botnet brute force password attacks. I guess our old servers were too slow to suit their needs.
Now, when they hit upon a valid user, it's easy to see what passwords they are trying (we've enabled auth_debug_passwords and set auth_verbose_passwords = plain). We can easily have log
2015 Feb 05
1
Another Fedora decision
On Thu, February 5, 2015 10:08 am, Always Learning wrote:
>
> On Thu, 2015-02-05 at 09:41 -0600, Valeri Galtsev wrote:
>
>> >> > wac4140SoeTer'#621strAAt0918;@@
>> >
>> > Gee thanks. I'll use it for root on every server ;-)
>
>> I know this is joke. Yet (in a slim chance someone out there can follow
>> it
>> with seriousness)
2015 Jul 29
1
Fedora change that will probably affect RHEL
On Tue, July 28, 2015 19:46, Warren Young wrote:
>
> iPads can???t be coopted into a botnet. The rules for iPad passwords
> must necessarily be different than for CentOS.
>
http://www.tomsguide.com/us/ios-botnet-hacking,news-19253.html
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne
2015 Feb 05
0
Another Fedora decision
On Thu, 2015-02-05 at 09:41 -0600, Valeri Galtsev wrote:
> >> > wac4140SoeTer'#621strAAt0918;@@
> >
> > Gee thanks. I'll use it for root on every server ;-)
> I know this is joke. Yet (in a slim chance someone out there can follow it
> with seriousness) I would strongly suggest:
>
> Don't do it. Don't use anything as any sort of password
2015 Feb 05
2
Another Fedora decision
On 5 February 2015 at 10:36, Warren Young <wyml at etr-usa.com> wrote:
> When the hashes are properly salted, the only option is brute force. All having /etc/shadow does for you is let you make billions of guesses per second instead of 5 guesses per minute, as you get with proper throttling on remote login avenues.
Kinda highlights that 'time' is important here. Booting into a
2015 Jul 28
3
Fedora change that will probably affect RHEL
> On Jul 28, 2015, at 11:27, Warren Young <wyml at etr-usa.com> wrote:
>
> On Jul 25, 2015, at 6:22 PM, Bob Marcan wrote:
>>
>> 1FuckingPrettyRose
>> "Sorry, you must use no fewer than 20 total characters."
>> 1FuckingPrettyRoseShovedUpYourAssIfYouDon'tGiveMeAccessRightFuckingNow!
>> "Sorry, you cannot use punctuation."
2015 Jul 30
1
Fedora change that will probably affect RHEL
On 07/28/2015 03:06 PM, Chris Adams wrote:
> Once upon a time, Warren Young <wyml at etr-usa.com> said:
>> Much of the evil on the Internet today ? DDoS armies, spam spewers, phishing botnets ? is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords.
> Since most of that crap comes from Windows hosts, the security of Linux
>
2015 Jul 28
11
Fedora change that will probably affect RHEL
Once upon a time, Warren Young <wyml at etr-usa.com> said:
> Much of the evil on the Internet today ? DDoS armies, spam spewers, phishing botnets ? is done on pnwed hardware, much of which was compromised by previous botnets banging on weak SSH passwords.
Since most of that crap comes from Windows hosts, the security of Linux
SSH passwords seems hardly relevant.
> Your freedom to use
2015 Feb 03
5
Another Fedora decision
On Mon, 2015-02-02 at 17:49 -0700, Warren Young wrote:
> Polio was almost completely eradicated, but it?s starting to come back in the middle east after the CIA used a fake vaccination campaign as a pretext to try to get into bin Laden?s Pakistan compound:
The Taliban were created and funded by the USA, using the Pakistani
intelligence service, to give the Russian invaders of Afghanistan a
2009 Aug 05
2
Million linux virtual machines
If someone posted already, forgive me I get the digest.
http://www.tgdaily.com/content/view/43480/108/
Scientists get a million Linux kernels to run at once
Scientists at Sandia National Laboratories in Livermore, have run more than
a million Linux kernels as virtual machines.
(how long before shared hosts use this....lol)
The technique will allow them to effectively observe behaviour found
2019 Aug 02
0
[OT] odd network question
Fred Smith wrote:
> On Fri, Aug 02, 2019 at 08:22:06AM +0100, Pete Biggs wrote:
>
>>
>>> This is just the first screen of it, there are many more. The data
>>> compiled here is for the last month (rsyslog is keeping the current log
>>> plus four older logs). I find it disturbing that there were 12251
>>> attempts at telnet during that time, 2154 on
2017 Nov 06
2
How to detect botnet user on the server ?
Hello guys,
Whats is the best way to identify a possible user using a botnet with php
in the server? And if he is using GET commands for example in other server.
Does apache logs outbound conections ?
If it is using a file that is not malicious the clam av would not identify.
Thanks
2017 Nov 06
1
How to detect botnet user on the server ?
Another alternative is to use a FIMS/HIDS such as Aide (Advanced Intrusion Detection Environment), OSSEC or Samhain. Be prepared to learn a lot about what your OS normally does behind the scenes (and thus a fair amount of initial fine tuning to exclude those things). Aide seems to work well (I've seen only one odd result) and is quite granular. However, it is local system based rather than