[ubuntu-uk] linux & viruses

Tony Travis a.travis at abdn.ac.uk
Wed Oct 21 13:18:20 BST 2009

Tony Arnold wrote:
> [...]
> Having said, that Linux is not immune from the hackers. My experience is
> that most incidents with Linux machines have been down to week or
> default passwords. Hackers can then get in and use the machine to scan
> other machines for weaknesses. My guess is if you put a machine on the
> netork with an ssh daemon running and a user name of david and password
> of david (for example), then it will be compromised within 24 hours or
> less. (I know someone who did exactly this).

Hello, Tony.

I second that: We got hit because a user with a dictionary name set a 
password of 12345 ...

You can slow down 'brute-force' attacks using IP-tables with, for 
example, "fail2ban", which is in the Ubuntu repo's. This 'bans' an IP 
after a configurable number of failed login attempts.

However, it's not just SSH that you have to worry about: One of my 
servers was recently caught sending 100,000 SPAM emails because it had 
been compromised using a PHP exploit via port 80.

I've previously used "Nikto" to check web servers for vulnerabilities:


I've used "nessus":


In the good old days, "nessus" was GPL. Unfortunately, "nessus" is no 
longer FLOSS and requires a paid for subscription for 'professional' 
use. However, there is now a FLOSS fork of the previously GPL "nessus" 
code called OpenVAS:


I've been trying this out recently, and it looks very good!


Dr. A.J.Travis, University of Aberdeen, Rowett Institute of Nutrition
and Health, Greenburn Road, Bucksburn, Aberdeen AB21 9SB, Scotland, UK
tel +44(0)1224 712751, fax +44(0)1224 716687, http://www.rowett.ac.uk
mailto:a.travis at abdn.ac.uk, http://bioinformatics.rri.sari.ac.uk/~ajt

More information about the ubuntu-uk mailing list