[arm-allstar] crontab -e does this look normal?
Doug Crompton
wa3dsp at gmail.com
Fri Apr 3 09:28:46 EDT 2020
Matt,
I am confused about what happened. If you terminated port forwarding of
ssh months ago then did this just happen or is it you just discovered it
and you don't know when it happened? Not port forwarding would eliminate
any direct input but if you are still getting hit then perhaps there is
another hole on another device?
*73 Doug, WA3DSP*
*http://wa3dsp.org <http://wa3dsp.org>*
On Fri, Apr 3, 2020 at 2:30 AM "Matt Rhoades via ARM-allstar" <
arm-allstar at hamvoip.org> wrote:
> Yes is was kind of simple, not 1234 or pass simple, but certainly not
> complex enough. I posted a month or 2 ago about the brute force I
> experienced. Yes SSH is 222, I have terminated port forwarding there a
> couple months ago.
>
> At any rate I have a fresh image.
>
> Thanks again to Doug and David, you guys rock, more donations headed your
> way!!
>
> On Thu, Apr 2, 2020 at 9:08 PM Matt Rhoades <lumpsum at gmail.com> wrote:
>
> > Just wanting to check if these crons are ok, as I was having some brute
> > force attacks and also seemed to have a compromised root password.
> >
> > * */2 * * * /root/.bashtemprc/a/upd>/dev/null 2>&1
> > @reboot /root/.bashtemprc/a/upd>/dev/null 2>&1
> > 5 8 * * 0 /root/.bashtemprc/b/sync>/dev/null 2>&1
> > @reboot /root/.bashtemprc/b/sync>/dev/null 2>&1
> > 0 0 */3 * * /tmp/.X21-unix/.rsync/c/aptitude>/dev/null 2>&1
> >
> > paste:
> >
> > https://paste.ofcode.org/33T6Kxw5kE9EY66izhdSawp
> >
> > --
> > Matthew D. Rhoades
> > KI7UEF 47727 Redmond, OR
> >
>
>
> --
> Matthew D. Rhoades
>
> 303-736-9350
> _______________________________________________
>
> ARM-allstar mailing list
> ARM-allstar at hamvoip.org
> http://lists.hamvoip.org/cgi-bin/mailman/listinfo/arm-allstar
>
> Visit the BBB and RPi2/3/4 web page - http://hamvoip.org
>
More information about the ARM-allstar
mailing list