Mailing List Archive: SSH hacked

SSH hacked

Feb 12, 2005, 5:59 PM

Post #1 of 2 (1349 views)

Hi, one of my servers has been compromised. The person who did it changed
the ssh binary to log every ssh attempt to /usr/local/doc/.sh.

On this file each attempt is recorded in this way:

Host: hostname

User: user

Password: password

Is it some known exploit or it is a special ssh version compiled by the
attacker?

Re: SSH hacked [ In reply to ]

vapier at gentoo

Feb 12, 2005, 7:23 PM

Post #2 of 2 (1301 views)

Permalink

On Saturday 12 February 2005 07:59 pm, danilotaveira wrote:
> Is it some known exploit or it is a special ssh version compiled by the
> attacker?

it's not that hard to code this hook in yourself
-mike

--
gentoo-security@gentoo.org mailing list