rafpin
No user record in our sample, but rafpin has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
No user record in our sample, but rafpin has activity below (stories or comments). Likely we have partial data — the full bulk-load will fill profiles in.
> Such things can always be automatically discovered. Wouldn't fail2ban + reasonably sized (10+ ports using a mix of udp and tcp) knock sequence prevent brute force attacks like these?
Would ssh servers with port knocking set up be safe from this backdoor? I'm not sure I got it correctly, but seems the RCE can only be performed after connecting to the ssh server, but if the port is hidden behind a…