does not work. Do you have a
copy of the binary file which tries to download?
I'm just curious.
AFAIK the openwrt/lede firewall blocks the WAN ports by default.
However blocking telnet/ssh on the WAN ports is sometimes a headache
because, for any reason on the router/network setup, you only have
access to the WAN port (or what LiMe system believes is the WAN port). I
personally don't like it as a default policy. I would prefer to
distribute the lime binaries with a default password (lime?) and/or
force Chef to ask for a password to the user.
On 22/12/16 19:23, Ilario wrote:
2016-12-22 13:19 GMT+01:00 Gui Iribarren
<gui(a)altermundi.net>et>:
i had been infected already with some malware :(
found a process "LA4obRtMROA7TAt2wWN1TnwHw"
and a file in the root directory: /bin.sh
which i copy at the end of this email for reference.
wooooooooooo srsly??
so funny, for a moment i felt a deja-vu like the
many times i connected
a Windows PC directly to a public IP, and in under 5 minutes it had been
infected with viruses.
ROTFL we could call next release LibreMesh 98
It most likely came in via telnet, since
that's open and passwordless
by default on our releases.
I think we should at least block telnet port over WAN by default
+1
But consider that trunk is not using telnet anymore as on LEDE default
is ssh with empty root password.
We should block ssh on WAN port until when root password gets set,
later it will have to be accessible.
Maybe LEDE people already have something for this...?
_______________________________________________
lime-dev mailing list
lime-dev(a)lists.libremesh.org
https://lists.libremesh.org/mailman/listinfo/lime-dev