[OZAPRS] Thank you hacker

Matthew Cook vk5zm at bistre.net
Tue Aug 15 10:12:16 AEST 2017

If you're going to put a pi (or any linux machine) on the net make sure
you've hardened it first.

It pays to disable the "pi user" account and create your own, then some
simple firewall rules and fail2ban if you're going to leave the ssh port
open.  Using some nasty password generated by lastpass or keypass will do
you well.    SSH certificate's are your friend if you dont want to deal
with the constant login attempts.   Also make sure that you reduce your
logging requirements if you've got a small SD card in the machine.   There
are a heap of Debian tutorials that work directly on the rPi.

I've been running my receive only iGate on a rPi-A for the past 3-4 years,
hardened they are good, left open they will be p00ned.

This isn't the first rPi to be hacked as Dave have suggested script kiddies
can now get in and run amok.  It used to be amusing watching script kiddies
try to install x86 packages on a rPI but they are wise to ARM based procs

I know of another Amateur based rPi project that this happened too recently
as well.



On 15 August 2017 at 01:45, Andrew Rich <vk4tec at tech-software.net> wrote:

> I would like to say thank you the Californian individual that took the
> time and effort hack my little project
> I have to now deal with 65,000 emails
> You have restored my faith in humanity
> A
> ------------------------------------------
> Andrew Rich VK4TEC
> e vk4tec at internode.on.net
> m 0419 738 223
> _______________________________________________
> OZAPRS mailing list
> OZAPRS at aprs.net.au
> http://lists.aprs.net.au/mailman/listinfo/ozaprs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.aprs.net.au/pipermail/ozaprs/attachments/20170815/e914aac2/attachment.html>

More information about the OZAPRS mailing list