[ubuntu-uk] linux & viruses
neil.greenwood.lug at gmail.com
Thu Oct 22 09:11:32 BST 2009
2009/10/22 Paul Roach <roachy at roachy.net>:
> If possible, only permit key based login using SSH as well - this will
> completely remove the risk of password based attacks....
This is a very good idea but it's not always sufficient, as Apache
recently found out.
In their case, a third-party webserver got compromised, but it had
accounts that had SSH keys to enable backup of apache servers. The SSH
config on these password-less SSH keys allowed all commands, not just
the backup commands.
The attackers managed to alter the data on a staging server and then
the automated backup copied it into production!
To their credit, they did a full investigation and made all the
results public here
More information about the ubuntu-uk