[App_rpt-users] What is the "debian" user in the DIAL distro?
k6kya at hokeynet.net
Wed May 10 15:15:20 EDT 2017
Does anyone know what the user "debian" is used for in the DIAL distro?
I had a node compromised where it appears they guessed the password for
the user debian. I note on other un-compromised nodes there is a
preexisting user "debian" with a password set.
The attacker installed a bitcoin miner, storing their files under
/var/tmp/.new chrootkit reported it as possibly being the Mumblehard
I'd suggest anyone with a DIAL node, at the very least, remove the user
passwd -d debian
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the App_rpt-users