[development] Fully patched site hacked and cloaked

Ivan Sergio Borgonovo mail at webthatworks.it
Wed Jan 27 20:55:33 UTC 2010

On Wed, 27 Jan 2010 11:03:59 -0800
Domenic Santangelo <domenics at gmail.com> wrote:

> I'm hearing some complicated attack vectors being tossed around in
> here (password sniffing, mitm, etc) -- don't forget about a pretty
> simple one: dictionary attacks. I recently took over a project for
> a small-medium sized client and upon looking at the secure log
> noticed 50k+/day dictionary attacks against SSH. I installed
> fail2ban and now get 5-6 emails daily about brute-force hack
> attempts. 

Disable password login and/or move the port.
Otherwise you risk to see yourself closed out of your own box.
What could be worse, you may even not be the one who closed the door.

Ivan Sergio Borgonovo

More information about the development mailing list