Date: Tue, 22 Dec 2009 11:35:44 -0500 From: "Andresen, Jason R." <jandrese@mitre.org> To: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org> Subject: RE: Hacked - FreeBSD 7.1-Release Message-ID: <600C0C33850FFE49B76BDD81AED4D25801371D8056@IMCMBX3.MITRE.ORG> In-Reply-To: <4B20B509.4050501@yahoo.it> References: <bd52e0bd614fbaffcf8c9ff9da35286e@mail.isot.com> <4B20B509.4050501@yahoo.it>
index | next in thread | previous in thread | raw e-mail
Squirrel wrote: >most likely could be some kind of remote code execution or SQLi executed >in the context of some php scripts, you should audit php code of your >web interface and of the websites you host. >also consider the strenght of your passwords, lots of login attempts to >ssh/ftp may mean a he has tried a bruteforce (or a dictionary attack >maybe). you should also check webmin logs, there are a few bruteforcer >for webmin out there, (*hint*) consider the lenght of your average >password if it's more than 7-8 characters aplhanumeric with simbols most >likely this isn't the case. While it's true that it's a good idea to check your password strength, pretty much any host connected to the internet is going to be hit daily by bots looking for weak passwords. It's one area where you logs don't help much because there is too much noise.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?600C0C33850FFE49B76BDD81AED4D25801371D8056>