I woke this morning to a series of questions about a somewhat sensationalist article published today by ZDNet: Linux-powered botnet generates giant denial-of-service attacks
All Linux distributions -- Ubuntu, Red Hat, and others -- enable SSH for remote server login. That’s just a fact of life in a Linux-powered, cloud and server world. SSH is by far the most secure way to administer a Linux machine remotely, as it leverages both strong authentication and encryption technology, and is actively reviewed and maintained for security vulnerabilities.
However, in Ubuntu, we have never in 11 years asked a user to set a root password by default, and as of Ubuntu 14.04 LTS, we now explicitly disable root password logins over SSH.
Any Ubuntu machine that might be susceptible to this XOR.DDoS attack is in a very small minority of the millions of Ubuntu systems in the world. Specifically, a vulnerable Ubuntu machine has been individually and manually configured by its administrator to:
- permit SSH root password authentication, AND
- have set a root password, AND
- have chosen a poor quality root password that is subject to a brute force attack
A poor password is generally a simple dictionary word, or a short string without numbers, mixed case, or symbols.
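The first two of those conditions can be checked mechanically from the host's own files (the third, password quality, cannot be read off a config). The following POSIX shell script is an added example, not the post's or Ubuntu's own tooling: it reads an sshd_config the way sshd does (the first occurrence of a keyword wins, comments are ignored; Match blocks are not evaluated, so on a live host prefer `sshd -T`, which prints the effective configuration) and inspects the root entry of a shadow-format file. The sample configs and shadow lines are constructed, and the defaults assumed for absent keywords are those of OpenSSH 7.0 and later.

```shell
#!/bin/sh
# Added example (not the page's own tooling): check whether a host meets the
# two file-checkable conditions from the post, i.e. root password logins over
# SSH are permitted AND root actually has a password set.
# Assumed defaults for absent keywords (OpenSSH 7.0+): PermitRootLogin
# prohibit-password, PasswordAuthentication yes, ChallengeResponseAuthentication
# yes, UsePAM yes. Match blocks are not evaluated.

# ssh_opt FILE KEYWORD DEFAULT: print the lower-cased value of KEYWORD.
# sshd honours the FIRST occurrence of a keyword, so stop at the first match.
ssh_opt() {
    awk -v key="$2" -v def="$3" '
        { sub(/#.*/, "") }                       # drop comments
        NF == 0 { next }                         # skip blank lines
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Exit 0 when FILE lets "ssh root@host" authenticate with a password:
# PermitRootLogin must be "yes" (prohibit-password/without-password/no all
# block it) and some password-based method must still be enabled.
ssh_root_password_login() {
    if [ "$(ssh_opt "$1" PermitRootLogin prohibit-password)" != "yes" ]; then
        return 1
    fi
    if [ "$(ssh_opt "$1" PasswordAuthentication yes)" = "yes" ]; then
        return 0
    fi
    # keyboard-interactive through PAM also prompts for the Unix password
    if [ "$(ssh_opt "$1" ChallengeResponseAuthentication yes)" = "yes" ] &&
       [ "$(ssh_opt "$1" UsePAM yes)" = "yes" ]; then
        return 0
    fi
    return 1
}

# Exit 0 when the root entry in SHADOWFILE carries a real password hash.
# A default Ubuntu install leaves root locked ("*" or "!"), so this fails there.
root_has_password() {
    awk -F: '$1 == "root" { hash = $2 }
             END { ok = (hash != "" && hash !~ /^[!*]/); exit (ok ? 0 : 1) }' "$1"
}

# Combine both checks; "exposed" means a brute-force attempt against root over
# SSH would at least be given the chance to guess.
root_ssh_password_exposure() {
    if ssh_root_password_login "$1" && root_has_password "$2"; then
        echo exposed
    else
        echo not-exposed
    fi
}

# Constructed sample inputs (not taken from any real host).
tmp=$(mktemp -d)
cat > "$tmp/sshd_config.risky" <<'EOF'
# administrator re-enabled root password logins
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$tmp/sshd_config.default" <<'EOF'
# nothing about PermitRootLogin: the OpenSSH default (prohibit-password) applies
ChallengeResponseAuthentication no
UsePAM yes
EOF
cat > "$tmp/sshd_config.hardened" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF
printf 'root:$6$saltsalt$hashhashhash:16000:0:99999:7:::\n' > "$tmp/shadow.set"
printf 'root:*:16000:0:99999:7:::\n' > "$tmp/shadow.locked"

echo "risky config, root password set:    $(root_ssh_password_exposure "$tmp/sshd_config.risky" "$tmp/shadow.set")"       # exposed
echo "default config, root password set:  $(root_ssh_password_exposure "$tmp/sshd_config.default" "$tmp/shadow.set")"     # not-exposed
echo "risky config, root locked:          $(root_ssh_password_exposure "$tmp/sshd_config.risky" "$tmp/shadow.locked")"    # not-exposed
echo "hardened config, root password set: $(root_ssh_password_exposure "$tmp/sshd_config.hardened" "$tmp/shadow.set")"    # not-exposed
rm -rf "$tmp"
```

Run it as root on a real system by pointing the functions at /etc/ssh/sshd_config and /etc/shadow; only the combination of a risky config and a set root password reports "exposed", which matches the post's point that a default Ubuntu install fails the second condition outright.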
Moreover, the antivirus software ClamAV is freely available in Ubuntu (sudo apt-get install clamav), and is able to detect and purge XOR.DDoS from any affected system.
As a reminder, it’s important to:
- Always choose high quality passwords for all users on any computer system
- Avoid using SSH password authentication, in favor of SSH key authentication, whenever possible
- Ensure that all security patches are applied
For an exhaustive review of all Ubuntu security features, please refer to: