Break In
ComputingWhat damage can a hacker do using GNU Nano on MacOSX?
I found my cpu usage was going through the roof for no apparent reason. I looked in Activity Monitor and to my horror, a ‘postgres’ user had ‘bash’, ‘sshd’ and ’nano’ threads running, ’nano’ consuming over 60%.
I killed the threads and changed the ‘postgres’ user password.
I am a developer and I can get stupid, lazy, or rushed. I had installed PostgreSQL for a project I was working on, in a hurry, had to make a ‘postgres’ user, used ‘postgres’ as the password, then did not think about it …… and yes, my NAT passes the SSH port from the outside.
I was getting lots of : com.apple.SecurityServer: authinternal authenticated user postgres
Now I am getting lots of : error: PAM: Authentication failure for postgres from 86.123.230.195 error: PAM: Authentication failure for postgres from acb01fc5.ipt.aol.com etc.
Oi You !!!!! Naff Off !!!!!
UPDATE What were they doing? Running ‘postfix’.
Now that is really embarrassing, they were sending spam from my machine !! How come you can do that from Nano ???