List:Packagers« Previous MessageNext Message »
From:Michal Marek Date:October 22 2007 12:51pm
Subject:Re: automated search for open mysql system user accounts? (fwd)
View as plain text  
Lenz Grimmer napsal(a):
> we received the following note from the folks at openSUSE today. Did anybody of
> you observe similar activity on publicly accessible systems? I wonder if there
> is some known vulnerability that these login attempts try to exploit? A MySQL
> user account with a known password or no password? Or do they just do
> brute-force attempts?
> 
> Darix reported log entries similar to this one on IRC to me:
> 
> Oct 22 12:16:47 zen sshd[5122]: error: PAM: Authentication failure for mysql from
> 62.242.188.78

It tried ssh to the 62.242.188.78 host and it it's no rocket science to 
guess a valid username/password pair. So I'd say it's just a worm 
brute-forcing weak passwords, nothing new :)

have a nice day,
Michal
Thread
automated search for open mysql system user accounts? (fwd)Lenz Grimmer22 Oct
  • Re: automated search for open mysql system user accounts? (fwd)Michal Marek22 Oct
  • Re: automated search for open mysql system user accounts? (fwd)Michael Shigorin22 Oct