JP Vossen on 12 Jun 2017 09:06:08 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] PI being targeted for malware 

On 06/12/2017 11:48 AM, Anthony Martin wrote:
Anyone working with a raspberry pi read the bellow and change your passwords if they are still set to the default. 

http://boingboing.net/2017/06/11/mzi8s867ylmc7bspmeh95povxpq3pz.html
Also: https://linux.slashdot.org/story/17/06/11/0552231/linux-malware-infects-raspberry-pi-devices-and-makes-them-mine-cryptocurrency
And there is a bot running that's trying to guess passwords for all kinds of accounts. In the last 2-3 days I've seen many attempts on my non-standard SSH port, from all over, for users like: 
    Vamdatlamuit123
    admin
    administrador
    administrator
    alan
    amavis
    angel
    backups
    cactiuser
    chef
    close
    cocoon
    cpanel
    db2inst1
    demo
    demo1
    emil
    fedora
    ftpuser
    git2
    gnuworld
    gopher
    greg
    jason
    jay
    jeffchen
    keiv
    kibitnr1
    koha
    liferay
    mailer
    mdpi
    my
    nodeserver
    oracle
    ovhuser
    pos
    postgres
    pramod
    rapsberry	<<< Interesting spelling
    robyn
    share
    soporte
    squid
    tech
    temp
    test
    testuser
    uqsguru
    us
    user01
    user4
    webadm
    wp
    znc

Later,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug