[App_rpt-users] What is the "debian" user in the DIAL distro?

Steve Passmore k6kya at hokeynet.net
Wed May 10 15:15:20 EDT 2017


Does anyone know what the user "debian" is used for in the DIAL distro?
 I had a node compromised where it appears they guessed the password for
the user debian.  I note on other un-compromised nodes there is a
preexisting user "debian" with a password set.
The attacker installed a bitcoin miner, storing their files under
/var/tmp/.new     chrootkit reported it as possibly being the Mumblehard
backdoor.

I'd suggest anyone with a DIAL node, at the very least, remove the user
"debian"'s password.

passwd -d debian

Steve, k6kya
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.allstarlink.org/pipermail/app_rpt-users/attachments/20170510/dc360158/attachment.html>


More information about the App_rpt-users mailing list