New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I guess that won't help me to use my Sublime Text/Notepad++ with enough comfort :P LOL
@yomero just whitelist whatever netblock your ISP is giving you IPs from and hope that there are not many hackers from Mexico who try to enter your server from their home IP
Yes, I thought that
And then I thought that ¬_¬
Some time ago, my client's dev server used a knocking system, and the system created new iptables rules upon a successful knock, so what I did was connect first with ssh (so the server created new rules for my IP address) and then make a second connection for my Sublime. More stuff to do, but it worked for me.
@libro22 ssh keys should have come to mind before whitelisting
Hmmmm, I guess that I need to look deep at the iptables rules. Maybe I can achieve the same.
Thanks!
Iptables doesn't get the credit it deserves
Any updates on this one? I'm too lazy to dig other sources atm.
Nothing AFAIK
Well, some ideas leading to a local vuln.
That's all.
It was cPanel:
http://forum.whmcs.com/showthread.php?68611-cPanel-support-compromised&p=296646
Also, non-cPanel-related servers were affected. We can assume that (in case of a local vulnerability) the cPanel local machine was just one of the infected.
Looks like it was cPanel indeed, as most of the hosts affected had cPanel.
As this rootkit was grabbing other passwords from ssh, non-cPanel hosts' data probably leaked from infected cPanel hosts.
It was observed on a number of DirectAdmin servers, too.
Why would you SSH from a web hosting server to another one?
To scp something, for instance.
Yeah, forgot about file transfer.
Never mind