[development] Fully patched site hacked and cloaked

Ivan Sergio Borgonovo mail at webthatworks.it
Wed Jan 27 20:55:33 UTC 2010


On Wed, 27 Jan 2010 11:03:59 -0800
Domenic Santangelo <domenics at gmail.com> wrote:

> I'm hearing some complicated attack vectors being tossed around in
> here (password sniffing, mitm, etc) -- don't forget about a pretty
> simple one: dictionary attacks. I recently took over a project for
> a small-medium sized client and upon looking at the secure log
> noticed 50k+/day dictionary attacks against SSH. I installed
> fail2ban and now get 5-6 emails daily about brute-force hack
> attempts. 

Disable password login and/or move the port.
Otherwise you risk to see yourself closed out of your own box.
What could be worse, you may even not be the one who closed the door.

-- 
Ivan Sergio Borgonovo
http://www.webthatworks.it



More information about the development mailing list