The Hail Mary Cloud and the Lessons Learned
badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe."
I think this article points to the fact that the author is retarded.
There is nothing you can do, he proclaims, after exhausting ALL efforts! How about not permitting SSH at ALL except from known trusted source IPs/subnets?!?!?!
Move your SSH port off from 22 TCP to 8222 or something high, since most automated brute force attackers won't spend time port scanning every host, they will go after the well known ports like 21, 22, 1433, 5060, etc (as evidenced by all the noise in my logs). Just use a DNAT rule in your FW.
Even better, use a VPN/IPSec concentrator approach where anything that accesses those resources on administrative ports must connect via the tunnel. Use really strong PSKs, or x.509 certs...
Then the obvious help for us all, don't permit root logins via SSH! How did this article even make it to Slashdot?
I am writing this on a BSD machine, but this guy is a disingenuous SHILL. If you have a computer connected to the interwombs, just USE A FUCKING STRONG PASSWORD. NOT: Anna123, PeterPan, Fuckme, dumbass, microsoft, sleaze, shill, whore, foss. USE: 767.211.856.543. Too much work for you? Then don't have an ssh port open on the interwombs. Please don't reproduce either, because you are simply too retarded to get the obvious fix (strong password).
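The two comments above boil down to a handful of sshd_config settings: no root login over SSH, no password logins where keys will do (which also removes the weak-password problem the last poster rants about), source restrictions, and a port that is not 22. The following shell script is an added example, not code from the Slashdot thread or from the article it discusses: it audits an sshd_config for those settings, honouring sshd's rule that the first occurrence of a directive wins, so a stray "PermitRootLogin no" appended below an earlier "yes" does not pass. The two sample configs, the temp file paths and the 203.0.113.0/24 admin subnet are constructed for the demo. Moving the port only cuts log noise from scanners that stick to well-known ports; it is the root-login and password-auth settings that change the actual exposure.

```shell
#!/bin/sh
# Added example (not from the thread above): audit an sshd_config for the
# settings the commenters recommend. Sample configs below are constructed.

# first_directive FILE NAME
# Prints the effective value of NAME, lowercased. sshd uses the first
# occurrence of a directive, so take the first match and skip comment lines.
first_directive() {
    grep -i "^[[:space:]]*$2[[:space:]]" "$1" 2>/dev/null | head -n 1 \
        | awk '{print tolower($2)}'
}

# audit_sshd_config FILE
# Prints one "WEAK:" line per finding and returns the number of findings
# (0 means the file passes). When a directive is absent, OpenSSH defaults
# are assumed: PermitRootLogin prohibit-password (7.0+), PasswordAuthentication
# yes, Port 22.
audit_sshd_config() {
    cfg="$1"
    findings=0
    root=$(first_directive "$cfg" PermitRootLogin); : "${root:=prohibit-password}"
    pass=$(first_directive "$cfg" PasswordAuthentication); : "${pass:=yes}"
    port=$(first_directive "$cfg" Port); : "${port:=22}"

    if [ "$root" = "yes" ]; then
        echo "WEAK: PermitRootLogin $root (set 'no'; log in as a user and escalate)"
        findings=$((findings + 1))
    fi
    if [ "$pass" = "yes" ]; then
        echo "WEAK: PasswordAuthentication $pass (prefer keys; brute force needs a password prompt)"
        findings=$((findings + 1))
    fi
    if [ "$port" = "22" ]; then
        echo "WEAK: Port $port (well-known port draws the bulk of automated attempts)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample 1: the setup the commenters warn against. The trailing
# "PermitRootLogin no" is deliberately ineffective because sshd keeps the
# first occurrence, and the audit must still flag it.
WEAK_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# ignored by sshd: an earlier PermitRootLogin line already set the value
PermitRootLogin no
EOF

# Constructed sample 2: what the comments recommend. AllowUsers with a
# CIDR host part restricts logins to a trusted admin subnet (203.0.113.0/24
# is a constructed documentation range).
HARD_CFG=$(mktemp)
cat > "$HARD_CFG" <<'EOF'
Port 8222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers admin@203.0.113.0/24
EOF
trap 'rm -f "$WEAK_CFG" "$HARD_CFG"' EXIT

# Stand-alone run: report findings for each sample.
for f in "$WEAK_CFG" "$HARD_CFG"; do
    echo "== auditing $f"
    audit_sshd_config "$f" || echo "   findings: $?"
done
```

To audit a live host, call `audit_sshd_config /etc/ssh/sshd_config` (or, better, `sshd -T` output redirected to a file, which already resolves Match blocks and defaults). The function reports only the three directives the comments discuss; AllowUsers and the firewall-side restriction to trusted source ranges are shown in the hardened sample but left to the operator's policy.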