[ubuntu-uk] linux & viruses

Neil Greenwood neil.greenwood.lug at gmail.com
Thu Oct 22 09:11:32 BST 2009

2009/10/22 Paul Roach <roachy at roachy.net>:
> [snip]
> If possible, only permit key based login using SSH as well - this will
> completely remove the risk of password based attacks....

This is a very good idea but it's not always sufficient, as Apache
recently found out.

In their case, a third-party webserver got compromised, but it had
accounts that had SSH keys to enable backup of apache servers. The SSH
config on these password-less SSH keys allowed all commands, not just
the backup commands.

The attackers managed to alter the data on a staging server and then
the automated backup copied it into production!

To their credit, they did a full investigation and made all the
results public here


More information about the ubuntu-uk mailing list