Hi, one of my servers has been compromised. The person who did it changed
the ssh binary to log every ssh attempt to /usr/local/doc/.sh.
On this file each attempt is recorded in this way:
Host: hostname
User: user
Password: password
Is it some known exploit or it is a special ssh version compiled by the
attacker?
the ssh binary to log every ssh attempt to /usr/local/doc/.sh.
On this file each attempt is recorded in this way:
Host: hostname
User: user
Password: password
Is it some known exploit or it is a special ssh version compiled by the
attacker?