It’s configured to allow requests from connections using common default passwords. If it wasn’t a honeypot the requests would succeed. I don’t currently run an rdp honeypot but I did a few years back, iirc the rates were about the same with rdp being a little bit less. Which as I say, comes down to configuration and usage. If you misconfigure Linux you will get malware, same as Windows.
Comment on Alternative to ClamAV?
Zeth0s@lemmy.world 1 year agoDoes the attack succeed? Never happened to me. You see bot trying, but really never seen succeeding irl. How is it configured?
peter@feddit.uk 1 year ago
Zeth0s@lemmy.world 1 year ago
Ok, than the experiment you are doing is to check how many attacks you can get over time… It is not really representative of a common use case. And again, this is not a virus. It is an successful attack from on a purposely misconfigured internet service. An antivirus is not needed. What is needed is basic configuration
peter@feddit.uk 1 year ago
Okay if we are taking the definition of a virus to be something that a person must download and execute, what about malicious javascript/python packages? They often target production systems running Linux and infection is caused by user error rather than misconfiguration.
Zeth0s@lemmy.world 1 year ago
I use python professionaly. Never seen a real successful supply chain attack on library used by “normal” people. There was recently a supply chain attack to pytorch, that I remember, but it was solved within few hours.
It is not a real risk for non developers. It is a risk, but veeery low, miles lower than pdf.exe.
Just check this stat for ransomwares taken as an example of viruses: statista.com/…/major-operating-systems-targeted-b…
Windows server is ~20% of server market. Still it is there second, with no GNU/linux (80% of server market). This is why people do not really worry much, the risk exists, but it is minimal for well configured system compared to competition, even where competitors are a niche and Linux machines are the main target.
On windows, an antivirus is not a bad idea… On Linux, a firewall and basic care are usually sufficient
XTL@sopuli.xyz 1 year ago
Also, antivirus is the wrong idea there. What you’d want is an intrusion detection and/or integrity checking system.
Zeth0s@lemmy.world 1 year ago
And disable password authentication as first step