Slashdot Mirror


The Hail Mary Cloud and the Lessons Learned

badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe."

3 of 99 comments

  1. Denyhosts by mcelrath · Score: 5, Informative

    The solution to low-frequency brute force attempts is Denyhosts. It just blocks any host with repeated failed login attempts. I've been using it for longer than I can remember, probably longer than this "Hail Mary" botnet has been in existence. I'm not sure why this author seems to have never heard of it.

    --
    1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
    1. Re:Denyhosts by Anonymous Coward · Score: 5, Informative

      Another useful piece of software for auto-banning bad accesses is fail2ban, which can also handle other services, like exim, vsftp, apache, etc.

  2. Executive summary by Anonymous Coward · Score: 5, Informative

    "I've managed to get my name on slashdot a lot"

    "Use key auth instead of passwords"

    "My references are my own blog posts"

    There's nothing interesting to see here. Don't allow password logins to your system, because you can't trust people to use good passwords. It's 2013, there's no cake for pointing this out.
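
The per-host counting of failed logins that the first comment describes, sketched as an added example (not Denyhosts' or fail2ban's code, and not from the thread). It contrasts a short rate window with a cumulative count to show which one flags a host that only tries about once an hour; the log lines, threshold, window, year and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog style; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Dec  1 01:10:01 srv sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Dec  1 02:10:03 srv sshd[1002]: Failed password for root from 192.0.2.10 port 40002 ssh2
Dec  1 02:30:00 srv sshd[1003]: Failed password for root from 203.0.113.5 port 51000 ssh2
Dec  1 02:30:05 srv sshd[1004]: Failed password for root from 203.0.113.5 port 51001 ssh2
Dec  1 02:30:09 srv sshd[1005]: Failed password for invalid user test from 203.0.113.5 port 51002 ssh2
Dec  1 02:30:14 srv sshd[1006]: Failed password for invalid user oracle from 203.0.113.5 port 51003 ssh2
Dec  1 03:10:02 srv sshd[1007]: Failed password for invalid user guest from 192.0.2.10 port 40003 ssh2
Dec  1 03:40:00 srv sshd[1008]: Failed password for alice from 198.51.100.7 port 52000 ssh2
Dec  1 03:40:20 srv sshd[1009]: Accepted password for alice from 198.51.100.7 port 52001 ssh2
Dec  1 04:10:04 srv sshd[1010]: Failed password for invalid user admin from 192.0.2.10 port 40004 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def failures_by_host(log_text, year=2013):
    """Map source address -> sorted timestamps of failed password logins.
    Syslog lines carry no year, so `year` is an assumption supplied by the caller."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits[m.group(2)].append(ts)
    return {host: sorted(times) for host, times in hits.items()}

def hosts_to_block(log_text, threshold=4, window=None):
    """Hosts with >= threshold failures; within `window` (timedelta) if given,
    otherwise over the whole log (cumulative count)."""
    blocked = set()
    for host, times in failures_by_host(log_text).items():
        for i in range(len(times) - threshold + 1):
            span = times[i + threshold - 1] - times[i]
            if window is None or span <= window:
                blocked.add(host)
                break
    return blocked

if __name__ == "__main__":
    print("10-minute window:", sorted(hosts_to_block(SAMPLE_LOG, window=timedelta(minutes=10))))
    print("cumulative count:", sorted(hosts_to_block(SAMPLE_LOG)))
```

The single failed attempt followed by a successful login from 198.51.100.7 stays below the threshold in both modes.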