On Mon, 14 Jul 2008 21:59:30 +1200, Nathan Ward wrote:
On 14/07/2008, at 9:44 PM, Steve Holdoway wrote:
On Mon, 14 Jul 2008 19:16:13 +1200, Glen Eustace wrote:
OK, vector identified.
The password for the site was cracked, then the site was downloaded, modified and then uploaded again. This happened concurrently from two sources.
My pet hate is all these designers who just must have ftp access. Don't they realise that the ftp password is transferred in clear text over the internet? sftp is no big deal to set up either end.
Secure FTP doesn't save people who have poorly chosen passwords, which I imagine is what happened in this case, and that is, in my opinion, a much more likely-to-be-exploited problem than unencrypted FTP.
-- Nathan Ward
As it doesn't expose the account name either, it makes guessing the password infinitely more difficult. Also, by disabling ftp altogether, you've confused the script kiddies already. I suppose running sftp on port 21 would make them really mad!
Just my opinion (:
Steve
--
Steve Holdoway
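An added example, not part of the thread above and not code from either poster: the thread's two points (the site password was guessed, and moving from ftp to sftp does not fix a weak password) both show up in the same way in server logs, as a run of failed logins from one source followed by a success. The script below parses constructed sshd (auth.log) and vsftpd (vsftpd.log) lines, which follow the usual formats of those daemons, and reports each (user, source IP) pair where a successful login was preceded by at least `threshold` failures. The log lines, hostnames and addresses are made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines for the example (not real data). The sshd lines
# follow the usual auth.log shape; the vsftpd lines follow vsftpd.log's shape.
SAMPLE_LOG = """\
Jul 14 18:55:01 web sshd[2201]: Failed password for www from 203.0.113.5 port 40112 ssh2
Jul 14 18:55:03 web sshd[2201]: Failed password for www from 203.0.113.5 port 40113 ssh2
Jul 14 18:55:05 web sshd[2201]: Failed password for www from 203.0.113.5 port 40114 ssh2
Jul 14 18:55:07 web sshd[2201]: Accepted password for www from 203.0.113.5 port 40115 ssh2
Jul 14 18:56:10 web CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
Jul 14 18:57:02 web sshd[2310]: Failed password for invalid user admin from 192.0.2.44 port 51002 ssh2
Mon Jul 14 18:58:01 2008 [pid 3102] [www] FAIL LOGIN: Client "198.51.100.7"
Mon Jul 14 18:58:02 2008 [pid 3103] [www] FAIL LOGIN: Client "198.51.100.7"
Mon Jul 14 18:58:03 2008 [pid 3104] [www] FAIL LOGIN: Client "198.51.100.7"
Mon Jul 14 18:58:04 2008 [pid 3105] [www] FAIL LOGIN: Client "198.51.100.7"
Mon Jul 14 18:58:05 2008 [pid 3106] [www] OK LOGIN: Client "198.51.100.7"
Mon Jul 14 19:01:40 2008 [pid 3150] [designer] FAIL LOGIN: Client "192.0.2.9"
Mon Jul 14 19:01:52 2008 [pid 3151] [designer] OK LOGIN: Client "192.0.2.9"
"""

# sshd: "Failed password for [invalid user ]NAME from IP port N ssh2"
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port"
)
# vsftpd: "[pid N] [NAME] FAIL LOGIN: Client "IP"" / "OK LOGIN"
VSFTPD_RE = re.compile(r'\[(\S+)\] (FAIL|OK) LOGIN: Client "([^"]+)"')


def parse_line(line):
    """Return (proto, user, ip, success) for a login event, else None."""
    m = SSHD_RE.search(line)
    if m:
        return ("ssh", m.group(2), m.group(3), m.group(1) == "Accepted")
    m = VSFTPD_RE.search(line)
    if m:
        return ("ftp", m.group(1), m.group(3), m.group(2) == "OK")
    return None  # unrelated line (cron, etc.)


def find_guessed_logins(log_text, threshold=3):
    """List successful logins preceded by >= threshold failures from the same
    (user, source IP) pair. A single typo followed by success is not flagged."""
    failures = defaultdict(int)  # (user, ip) -> consecutive failures so far
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        proto, user, ip, ok = event
        key = (user, ip)
        if ok:
            if failures[key] >= threshold:
                hits.append({"proto": proto, "user": user, "ip": ip,
                             "failures_before_success": failures[key]})
            failures[key] = 0  # success resets the streak
        else:
            failures[key] += 1
    return hits


if __name__ == "__main__":
    for hit in find_guessed_logins(SAMPLE_LOG):
        print("{proto}: {user} from {ip} succeeded after "
              "{failures_before_success} failures".format(**hit))
```

Run against the sample it reports the ssh login for "www" from 203.0.113.5 (3 failures) and the ftp login for "www" from 198.51.100.7 (4 failures), but not the designer's single mistyped ftp password from 192.0.2.9 or the "admin" guess from 192.0.2.44 that never succeeded. Against real logs, point it at /var/log/auth.log and /var/log/vsftpd.log concatenated, and raise `threshold` if legitimate users trip it.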