[ubuntu-uk] linux & viruses
Neil Greenwood
neil.greenwood.lug at gmail.com
Thu Oct 22 09:11:32 BST 2009
2009/10/22 Paul Roach <roachy at roachy.net>:
> [snip]
>
> If possible, only permit key based login using SSH as well - this will
> completely remove the risk of password based attacks....
>
This is a very good idea but it's not always sufficient, as Apache
recently found out.
In their case, a third-party webserver got compromised, but it had
accounts that had SSH keys to enable backup of apache servers. The SSH
config on these password-less SSH keys allowed all commands, not just
the backup commands.
The attackers managed to alter the data on a staging server and then
the automated backup copied it into production!
To their credit, they did a full investigation and made all the
results public here
https://blogs.apache.org/infra/entry/apache_org_downtime_report
HTH
Cofion/Regards,
Neil.
More information about the ubuntu-uk
mailing list