Thursday, April 13, 2006

Break In

What damage can a hacker do using GNU Nano on Mac OS X?

I found my CPU usage was going through the roof for no apparent reason. I looked in Activity Monitor and, to my horror, a 'postgres' user had 'bash', 'sshd' and 'nano' threads running, with 'nano' consuming over 60%.

I killed the threads and changed the 'postgres' user password.

I am a developer and I can get stupid, lazy, or rushed. I had installed PostgreSQL for a project I was working on, in a hurry, had to make a 'postgres' user, used 'postgres' as the password, then did not think about it ... and yes, my NAT passes the SSH port from the outside.

I was getting lots of:
com.apple.SecurityServer: authinternal authenticated user postgres

Now I am getting lots of:
error: PAM: Authentication failure for postgres from 86.123.230.195
error: PAM: Authentication failure for postgres from acb01fc5.ipt.aol.com
etc.

Oi You !!!!! Naff Off !!!!!


UPDATE
What were they doing?
Running 'postfix'.

Now that is really embarrassing, they were sending spam from my machine !!
How come you can do that from Nano ???
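
A triage pass over the two log message formats quoted above, added here as an example and not part of the original post: it flags any daemon account that authenticated at all and lists the remote hosts still guessing at each account. The `SERVICE_ACCOUNTS` list, the `triage` function name and the "alice" sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The two message formats quoted in the post. OpenSSH of that era could also
# put "illegal user" / "invalid user" before an unknown account name.
AUTH_OK = re.compile(r"SecurityServer: authinternal authenticated user (\S+)")
AUTH_FAIL = re.compile(
    r"PAM: Authentication failure for (?:(?:illegal|invalid) user )?(\S+) from (\S+)")

# Assumption: accounts that exist only to run a daemon and should never log in.
SERVICE_ACCOUNTS = {"postgres"}

# Constructed sample: the post's lines plus one made-up line for "alice".
SAMPLE_LOG = """\
com.apple.SecurityServer: authinternal authenticated user postgres
com.apple.SecurityServer: authinternal authenticated user postgres
error: PAM: Authentication failure for postgres from 86.123.230.195
error: PAM: Authentication failure for postgres from acb01fc5.ipt.aol.com
error: PAM: Authentication failure for alice from 192.0.2.10
"""

def triage(lines, service_accounts=SERVICE_ACCOUNTS):
    """Count successful logins and collect failing source hosts per account."""
    report = defaultdict(lambda: {"successes": 0, "sources": set()})
    for line in lines:
        ok = AUTH_OK.search(line)
        fail = AUTH_FAIL.search(line)
        if ok:
            report[ok.group(1)]["successes"] += 1
        elif fail:
            report[fail.group(1)]["sources"].add(fail.group(2))
    result = {}
    for user, entry in report.items():
        result[user] = {
            "successes": entry["successes"],
            "sources": sorted(entry["sources"]),
            # A daemon account authenticating at all is the signal here.
            "alert": user in service_accounts and entry["successes"] > 0,
        }
    return result

if __name__ == "__main__":
    for user, entry in triage(SAMPLE_LOG.splitlines()).items():
        flag = "ALERT" if entry["alert"] else "ok"
        print(f"{flag:5} {user}: {entry['successes']} successful, "
              f"failures from {entry['sources']}")
```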
