Sloppy Linux Admins Enable Slow Brute-Force Attacks
badger.foo passes on the report of Peter N. M. Hansteen that a third round of low-intensity, distributed brute-force attacks is now in progress — we earlier discussed the first and second rounds — and that sloppy admin practice on Linux systems is the main enabler. As before, the article links to log data (this time 770 apparently already compromised Linux hosts are involved), and further references. "The fact that your rig runs Linux does not mean you're home free. You need to keep paying attention. When your spam washer has been hijacked and tries to break into other people's systems, you urgently need to get your act together, right now."
You're laughably stupid. Set PasswordAuthentication to no and your statistics become meaningless because they don't apply at all. Not even a lucky guess can result in a breach, because you have removed that avenue of attack entirely. If you want to play the statistics game, PubkeyAuthentication with strong encryption plus regular key changes plus some sort of port knocking scheme gives numbers that are much better than yours. I'll take "when hell freezes over" in place of "once in a blue moon" any day of the week. Give me a scheme with even better odds and I'll take it. The highway of history is littered with fools who thought "they'll never figure this out. Wait. What? Oh shi....". SuperBanana indeed. You'll end up on the wrong end of someone's super banana before you know what hit you.
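Added example, not part of the comment above or of the linked article: a small Python audit that checks whether an sshd_config really stops accepting password-style logins once PasswordAuthentication is set to no. It assumes upstream OpenSSH behaviour (first value for a keyword wins, keyboard-interactive defaults to yes, lines after a Match line belong to that block); the function names and both sample configs are constructed for illustration.

```python
# Added example: audit sshd_config text for password-style logins.
# Assumed OpenSSH semantics: keywords are case-insensitive, the first value
# obtained for a keyword wins, and lines after "Match" belong to that block.
DEFAULTS = {"passwordauthentication": "yes",          # upstream defaults
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
PASSWORD_STYLE = ("passwordauthentication", "kbdinteractiveauthentication")

# Constructed samples, not taken from any real host.
SLOPPY = """\
PasswordAuthentication yes
Match User backup
    KbdInteractiveAuthentication yes
PasswordAuthentication no   # appended at end of file: lands in the Match block
"""
HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
"""

def parse(text):
    """Return (global_settings, [(match_criteria, block_settings), ...])."""
    global_cfg, matches = {}, []
    current = global_cfg
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split(None, 1)
        if not parts:
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}
            matches.append((value, current))
        else:
            current.setdefault(key, value.lower())  # first value wins
    return global_cfg, matches

def audit(text):
    """List every place a password-style method is still accepted."""
    global_cfg, matches = parse(text)
    effective = {**DEFAULTS, **global_cfg}
    findings = [f"global: {k}={effective[k]}" for k in PASSWORD_STYLE
                if effective[k] != "no"]
    findings += [f"Match {crit}: {k}={cfg[k]}" for crit, cfg in matches
                 for k in PASSWORD_STYLE if cfg.get(k, "no") != "no"]
    if effective["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is off")
    return findings

if __name__ == "__main__":
    for name, cfg in (("sloppy", SLOPPY), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no password-style login accepted")
```

On a live host, the effective values reported by `sshd -T` are the authoritative check; this parser only reads the text it is given and does not follow Include directives.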