Why fully patched sites get hacked
I've been corresponding with someone (this morning) who had a fully patched Drupal 6.15 website hacked. Since I often work with Drupal, this caught my attention. The hacker modified their bootstrap file, which affects the entire website's content on this particular database-driven website. They inserted links to various and sundry things with which the website owner no doubt wanted nothing to do. How embarrassing. It actually happens quite often, and to relatively well known people much more than it should. It even happens to well known tech advisers (not me, so far).
If you have an FTP account, that's very insecure all by itself. FTP passes its text in the clear, exposing your username and password every time you log in. Only a very secure network should be trusted with unencrypted passwords like that. I don't have a network I consider that safe - in other words, don't do it!
If you're using a typical big hosting company, they likely don't restrict file access between FTP accounts. That means anyone who has access to the server (which could be anyone who dropped a real or fake credit card on your host for an account on one of those shared hosting packages) can view your files, and that means they have access to your configuration files as well. If you use a database-driven website (like Wordpress, Joomla, Drupal, etc.), that means your database is exposed in addition to any files with 777 permissions. The hacker doesn't even have to hack in such a case. He just gains access to the server and has his way with your website.
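The exposure described above is easy to check for from the account itself. The script below is an added example, not part of the original post or of any CMS project: it walks a site tree and reports anything world-writable (the 777 case) and any well-known credential-bearing config file that every other user on the box can read. The set of config file names and the demo tree it builds are assumptions chosen for illustration.

```python
import os
import shutil
import stat
import tempfile

# Files that commonly hold database credentials on the CMSes the post names.
# Illustrative list, not a complete inventory (assumption for this example).
SENSITIVE_NAMES = {"settings.php", "wp-config.php", "configuration.php"}


def audit_permissions(root):
    """Walk `root` and report two exposures a shared-hosting neighbour could exploit:
    - world_writable: any file or directory with the 'others' write bit set (e.g. 777)
    - readable_config: a credential-bearing file with the 'others' read bit set
    Paths are relative to root and sorted so the output is stable.
    """
    world_writable, readable_config = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                mode = os.lstat(full).st_mode
            except OSError:
                continue  # vanished or unreadable entry; skip rather than abort
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode is meaningless; the target is judged separately
            rel = os.path.relpath(full, root)
            if mode & stat.S_IWOTH:
                world_writable.append(rel)
            if name in SENSITIVE_NAMES and mode & stat.S_IROTH:
                readable_config.append(rel)
    return {
        "world_writable": sorted(world_writable),
        "readable_config": sorted(readable_config),
    }


def build_demo_site():
    """Constructed sample tree (not a real site): a 777 uploads directory, a
    666 upload inside it, a 644 settings.php and a correctly locked-down one.
    Returns the temporary root; the caller removes it."""
    root = tempfile.mkdtemp(prefix="site-")
    files_dir = os.path.join(root, "sites", "default", "files")
    other_dir = os.path.join(root, "sites", "other")
    os.makedirs(files_dir)
    os.makedirs(other_dir)

    def write(path, content, mode):
        with open(path, "w") as fh:
            fh.write(content)
        os.chmod(path, mode)  # chmod after creation so umask cannot interfere

    write(os.path.join(root, "index.php"), "<?php // front controller\n", 0o644)
    write(os.path.join(files_dir, "upload.txt"), "uploaded\n", 0o666)
    write(os.path.join(root, "sites", "default", "settings.php"),
          "<?php $db_url = 'mysql://user:pass@localhost/db';\n", 0o644)
    write(os.path.join(other_dir, "settings.php"),
          "<?php $db_url = 'mysql://user:pass@localhost/db2';\n", 0o640)
    os.chmod(files_dir, 0o777)
    return root


if __name__ == "__main__":
    site = build_demo_site()
    try:
        for category, paths in audit_permissions(site).items():
            print(category)
            for p in paths:
                print("  ", p)
    finally:
        shutil.rmtree(site)
```

On shared hosts where PHP runs as a single web-server user rather than as you, the config file often has to be readable by others just so the site works, which is exactly why the post's point about neighbours on the same box matters; hosts that run PHP under each customer's own account (per-user FastCGI or similar) remove that constraint and let settings files be 0640 or tighter.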
Your big (cheap) hosting service probably doesn't limit the number of times you can attempt a login from a single IP. Someone could pick up the password by sniffing the traffic if you're using FTP. But they can just as easily run a brute force attack against your password and crack it in minutes. Even with an incredibly complex password, you can throw a sequence of possible password combinations at an account and eventually break the password. It's hardly a challenge.
I see these attacks against my servers all the time. I watch the logs to see what account usernames are being accessed. As long as they never start beating on a real account, I've nothing to worry about. But there are three simple steps to avoiding this kind of attack: don't use FTP, don't allow unlimited attempts and don't build websites that allow unlimited login attempts. This at least bars the unsophisticated hacker from waltzing into your website.
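Both of the last two steps come down to the same mechanism: count failures per source within a time window and refuse further attempts once the count is hit. The code below is an added example, not something from the original post or from Drupal: a sliding-window login throttle keyed by client IP, replayed over a few constructed auth-log lines so you can see which source would have been cut off and when. The log format, the IPs and the 5-attempts-per-15-minutes limit are all assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log in a generic "auth ok/failed" format (not real data):
# one IP hammering the admin account, one IP with two typos then a real login,
# and one IP with three failures spread across a whole day.
SAMPLE_LOG = """\
2010-03-09 09:00:00 auth failed user=test ip=203.0.113.9
2010-03-09 13:00:00 auth failed user=test ip=203.0.113.9
2010-03-09 17:00:00 auth failed user=test ip=203.0.113.9
2010-03-09 21:40:01 auth failed user=admin ip=203.0.113.7
2010-03-09 21:40:02 auth failed user=admin ip=203.0.113.7
2010-03-09 21:40:03 auth failed user=admin ip=203.0.113.7
2010-03-09 21:40:04 auth failed user=admin ip=203.0.113.7
2010-03-09 21:40:05 auth failed user=admin ip=203.0.113.7
2010-03-09 21:40:06 auth failed user=admin ip=203.0.113.7
2010-03-09 21:40:07 auth failed user=root ip=203.0.113.7
2010-03-09 21:40:08 auth failed user=admin ip=203.0.113.7
2010-03-09 21:41:00 auth failed user=bob ip=198.51.100.4
2010-03-09 21:41:30 auth failed user=bob ip=198.51.100.4
2010-03-09 21:42:00 auth ok user=bob ip=198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) auth (?P<result>ok|failed) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


class LoginThrottle:
    """Sliding-window limiter: at most `max_attempts` failures per key inside `window`.

    The key can be a client IP, an account name, or a combination; the post's
    hosting scenario is unlimited attempts from a single IP, so that is what
    scan_log() keys on.
    """

    def __init__(self, max_attempts=5, window=timedelta(minutes=15)):
        self.max_attempts = max_attempts
        self.window = window
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures

    def _prune(self, key, now):
        q = self._failures[key]
        cutoff = now - self.window
        while q and q[0] < cutoff:
            q.popleft()  # failures older than the window no longer count
        return q

    def is_blocked(self, key, now):
        return len(self._prune(key, now)) >= self.max_attempts

    def record_failure(self, key, now):
        self._prune(key, now).append(now)

    def record_success(self, key):
        # A genuine login clears the counter so a legitimate user is not locked out later.
        self._failures.pop(key, None)


def scan_log(text, max_attempts=5, window=timedelta(minutes=15)):
    """Replay auth log lines through the throttle, keyed by client IP.

    Returns {ip: attempts_that_would_have_been_refused} for every IP that hit
    the limit; an empty dict means no source tripped it.
    """
    throttle = LoginThrottle(max_attempts, window)
    refused = defaultdict(int)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a real tool would report it
        now = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        if throttle.is_blocked(ip, now):
            refused[ip] += 1  # never reaches the password check at all
            continue
        if m["result"] == "failed":
            throttle.record_failure(ip, now)
        else:
            throttle.record_success(ip)
    return dict(refused)


if __name__ == "__main__":
    for ip, n in scan_log(SAMPLE_LOG).items():
        print(f"{ip}: {n} attempts refused after hitting the limit")
```

Run over the sample, only 203.0.113.7 trips the limit: its sixth, seventh and eighth attempts inside one minute are refused, while the slow three-failures-a-day source and the user who mistyped twice are untouched. Keying on IP alone does not stop a distributed attack against one account, so a web application should also apply the same throttle keyed on the username.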