[development] Fully patched site hacked and cloaked

Domenic Santangelo domenics at gmail.com
Wed Jan 27 19:03:59 UTC 2010

I'm hearing some complicated attack vectors being tossed around in here (password sniffing, MITM, etc.) -- don't forget about a pretty simple one: dictionary attacks. I recently took over a project for a small-medium sized client and, upon looking at the secure log, noticed 50k+/day dictionary attacks against SSH. I installed fail2ban and now get 5-6 emails daily about brute-force hack attempts.

YMMV, but food for thought.
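A small detection check of the kind the post describes, added here as an example and not part of the original message: it parses sshd "Failed password" lines in the syslog format of /var/log/secure and flags source addresses that reach a fail2ban-style maxretry within a findtime window. The log lines, hostname and addresses are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the format sshd writes to /var/log/secure.
SAMPLE_LOG = """\
Jan 27 18:55:01 web1 sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan 27 18:55:03 web1 sshd[4023]: Failed password for root from 203.0.113.7 port 51130 ssh2
Jan 27 18:55:04 web1 sshd[4025]: Failed password for invalid user oracle from 203.0.113.7 port 51138 ssh2
Jan 27 18:55:06 web1 sshd[4027]: Failed password for invalid user test from 203.0.113.7 port 51140 ssh2
Jan 27 18:55:09 web1 sshd[4029]: Failed password for root from 203.0.113.7 port 51144 ssh2
Jan 27 18:57:40 web1 sshd[4031]: Failed password for deploy from 198.51.100.4 port 40022 ssh2
Jan 27 18:57:52 web1 sshd[4033]: Accepted publickey for deploy from 198.51.100.4 port 40023 ssh2
Jan 27 19:10:00 web1 sshd[4040]: Failed password for root from 192.0.2.9 port 6001 ssh2
Jan 27 19:30:00 web1 sshd[4041]: Failed password for root from 192.0.2.9 port 6002 ssh2
"""

# Matches only failed password attempts; "Accepted" lines are ignored.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(text, year=2010):
    """Yield (timestamp, source_ip) for each failed sshd login line.
    syslog timestamps carry no year, so one is supplied (assumed 2010)."""
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]


def find_bruteforcers(text, maxretry=5, findtime=600):
    """Return {ip: total_failures} for every IP that has at least
    maxretry failures inside some findtime-second window, which is the
    rule a fail2ban sshd jail applies before banning."""
    by_ip = defaultdict(list)
    for ts, ip in parse_failures(text):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted times
            while (times[end] - times[start]).total_seconds() > findtime:
                start += 1
            if end - start + 1 >= maxretry:
                flagged[ip] = len(times)
                break
    return flagged
```

Run against a real secure log by passing its contents instead of SAMPLE_LOG; the two slow failures from 192.0.2.9 show why findtime matters as much as maxretry.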


