Monday, October 5, 2009

Friendly reminders about security

Remember this: "The fact that your rig runs Linux does not mean you're home free."
(quote source: Peter Hansteen, Norway)

Recently, the "That Grumpy BSD Guy" blog posted an article about the third wave of slow, low-intensity distributed brute-force attacks on Linux machines that is currently under way across the world. The number of machines affected is relatively small (about 775), but the reason the attacks succeed on these machines is not that Linux itself is insecure. They work only against machines whose administrators have very poor security practices. As the original article states:

Most likely the perpetrators keep going because they occasionally succeed, and when they do, it's because every now and then they luck on a Linux machine with either

  • a maintenance regime that's disorganized enough that software with known and exploitable bugs is left in place for long enough to open the doors to undesirables, or

  • at least one user (whoever is manning root or any of the other user IDs we know they will be sniffing out later) with a guessable password and a system administration regime that lets weak passwords exist in the first place.

This post serves as a friendly, sobering reminder that although Linux is a wonderful, secure operating system, user and administrator carelessness can get you in trouble, regardless of what operating system you run.
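The reason a slow, distributed campaign like this one survives for so long is that each attacking host tries only a few names, minutes apart, so a per-source ban rule never fires; it only becomes visible when you aggregate failures across all sources. The script below is an added example (not code from this post or from Hansteen's article) that shows the difference: it assumes the guessing arrives at sshd and is logged in the usual "Failed password for [invalid user] NAME from IP port N ssh2" format, and the log lines it runs over are constructed for the example.

```python
"""Spot a slow, distributed password-guessing campaign in sshd log lines.

Added example, not from the original post or Hansteen's article.  Assumes the
standard sshd "Failed password for ..." log format; SAMPLE_LOG is constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: three sources take turns, minutes apart, so no single IP
# ever produces enough failures to trip a per-IP ban.  The last two lines are
# an ordinary user mistyping once and then logging in.
SAMPLE_LOG = """\
Oct  5 02:01:13 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.10 port 41022 ssh2
Oct  5 02:07:41 web1 sshd[1209]: Failed password for root from 198.51.100.7 port 51000 ssh2
Oct  5 02:14:02 web1 sshd[1215]: Failed password for invalid user admin from 198.51.100.7 port 51044 ssh2
Oct  5 02:19:55 web1 sshd[1222]: Failed password for invalid user oracle from 192.0.2.33 port 60001 ssh2
Oct  5 02:26:30 web1 sshd[1230]: Failed password for root from 203.0.113.10 port 41090 ssh2
Oct  5 02:33:08 web1 sshd[1238]: Failed password for invalid user admin from 192.0.2.33 port 60077 ssh2
Oct  5 02:40:47 web1 sshd[1244]: Failed password for root from 192.0.2.33 port 60102 ssh2
Oct  5 02:48:19 web1 sshd[1250]: Failed password for invalid user test from 203.0.113.10 port 41133 ssh2
Oct  5 09:15:00 web1 sshd[2001]: Failed password for alice from 10.0.0.5 port 55512 ssh2
Oct  5 09:15:06 web1 sshd[2001]: Accepted password for alice from 10.0.0.5 port 55512 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_failures(text):
    """Return failed-login events as (timestamp, username, source_ip), sorted by time.

    Syslog timestamps carry no year, so all events land in the same default year;
    that is fine for the intra-day windows used here.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events.append((ts, m["user"], m["ip"]))
    events.sort()
    return events


def per_ip_offenders(events, threshold=5, window_minutes=10):
    """What a per-source rule (fail2ban style) would ban: IPs with >= threshold
    failures inside any window_minutes-long window."""
    window = timedelta(minutes=window_minutes)
    by_ip = defaultdict(list)
    for ts, _, ip in events:
        by_ip[ip].append(ts)
    offenders = set()
    for ip, times in by_ip.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                offenders.add(ip)
                break
    return offenders


def distributed_campaign(events, window_minutes=60, min_sources=3, min_failures=6):
    """Aggregate across sources: report the busiest window_minutes-long window in
    which at least min_sources distinct IPs together caused >= min_failures
    failures, even though each IP on its own stayed quiet.  Returns None if no
    such window exists."""
    window = timedelta(minutes=window_minutes)
    best = None
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        chunk = events[start:end + 1]
        sources = {ip for _, _, ip in chunk}
        if len(chunk) >= min_failures and len(sources) >= min_sources:
            if best is None or len(chunk) > best["failures"]:
                best = {
                    "start": chunk[0][0],
                    "end": chunk[-1][0],
                    "failures": len(chunk),
                    "sources": sorted(sources),
                    "users": sorted({u for _, u, _ in chunk}),
                }
    return best


if __name__ == "__main__":
    evs = parse_failures(SAMPLE_LOG)
    print("per-IP rule would ban:", per_ip_offenders(evs) or "nobody")
    print("cross-source view:", distributed_campaign(evs))
```

On the constructed sample the per-IP rule bans nobody, while the cross-source view reports eight failures from three sources against four usernames inside 47 minutes. In practice you would feed the same aggregation real log lines and tune the thresholds to your login volume; the point is that the aggregation key must be the time window, not the source address.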

Another example of good security undone by negligent users: a shiny new Mercedes-Benz, equipped with one of the best manufacturer alarm systems in the business (interior motion sensors and tow sensors, among other features), sitting in the grocery store parking lot with the keys in the ignition and the engine running while the owner shops, because the owner doesn't want to wait for the car to warm up or cool down when they get back in.

How do we avoid being at risk?

  • Use strong passwords, and don't let weak ones exist on the system in the first place.
  • Keep your machines updated; apply security updates promptly.
  • Disable unnecessary network services.
  • Be aware of current security issues, and respond accordingly.
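The first item on that list is the one these guessers are betting on: they try the username as the password, the username reversed, a few well-known defaults, and short digit strings. An added example (not from this post or Hansteen's article) of the kind of check an administrator can run before accepting a new password; the common-password list is a tiny constructed stand-in for a real dictionary, and the minimum length is an assumption to tune to local policy:

```python
"""Reject the passwords a distributed guesser tries first.

Added example, not from the original post.  COMMON_PASSWORDS is a constructed
stand-in for a real dictionary; min_length is an assumed local policy value.
"""

# Constructed, deliberately short; a real check loads a large breach list.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "letmein",
    "changeme", "welcome", "abc123", "iloveyou",
}

# Trailing decoration guessers bolt onto a base word: 'Admin123!' -> 'admin'.
DECORATION = "0123456789!@#$%^&*"


def weakness(username, password, min_length=12):
    """Return a short reason if the password is guessable, else None.

    Checks are ordered so the most damning reason wins: username-derived
    passwords first, then dictionary words, then length, then digits-only.
    """
    u, p = username.lower(), password.lower()
    core = p.rstrip(DECORATION)
    if core in (u, u[::-1]) or (len(u) >= 4 and u in p):
        return "derived from username"
    if p in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        return "common password"
    if len(password) < min_length:
        return "shorter than %d characters" % min_length
    if password.isdigit():
        return "digits only"
    return None


def audit(credentials, min_length=12):
    """Run weakness() over (username, password) pairs; return the weak ones."""
    return [(u, weakness(u, p, min_length)) for u, p in credentials
            if weakness(u, p, min_length) is not None]


if __name__ == "__main__":
    # Constructed candidates, the kind of thing an admin sees at provisioning time.
    for user, reason in audit([
        ("root", "toor"),
        ("admin", "Admin123!"),
        ("oracle", "elcaro2009"),
        ("bob", "Password1"),
        ("alice", "Tr0ub4dor"),
        ("alice", "199112251234"),
        ("alice", "correct horse battery staple"),
    ]):
        print("%-8s %s" % (user, reason))
```

The username-derived check runs before the dictionary check on purpose: "toor" for root is rejected as a username derivative, which tells the user something more useful than "common password". Wire a check like this into whatever sets passwords (provisioning scripts, a PAM module, a web form) rather than running it after the fact; by then the guessers may already have found the account.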

This stuff isn't rocket science, people. Neither is good oral hygiene, though, and dentists have been struggling to teach that for years.

A list of the affected machines from the attack is available here. If one or more of these machines is yours, please (re-)secure them.

Slashdot has some informative user comments in response to this article, as well.
