Root account

Brian Fahrlander brian at fahrlander.net
Thu Apr 19 00:27:57 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pete Holsberg wrote:
> Why is it not advisable to activate the root account??

   It's the one account the bulk-attack people can guess and try
millions of times until they get in.

   When you get ssh set up on a Linux box, and you have logwatch
running, you'll see just how bad it is.  It's also a good reason to use
usernames with parts of the first AND last names, not just "george" and
 a password of "password".  They try them by the millions per day,
literally.

    When they find one they can get into, the IP address goes into a
database for the real hackers to come mess with...and you find yourself
sending spam for the bot-herders.

    I've used Unix since 1989; trust me- great idea to keep it the
default way.


- --
 ------------------------------------------------------------------------
 Brian Fahrländer                 Christian, Conservative, and Technomad
 Evansville, IN                              http://Fahrlander.net/brian
 ICQ: 5119262                         AOL/Yahoo/GoogleTalk: WheelDweller
 ------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGJreN6PLtRzZbdhYRApsYAJ4uccKpx2fUxWF/pc5P9qS1kvwv5gCfSvUl
PIxAnsX1BIJ4VmwkIAJwxO8=
=OhEq
-----END PGP SIGNATURE-----




More information about the ubuntu-users mailing list