If you or your client is repeatedly getting hit, we will be happy to pull the logs for you. Nearly every case of hacking recently has been, as David stated before, by the hacker using VALID FTP credentials. We've gone to great lengths (that should not be discussed openly in a semi-public forum) to detect hackers logging in compared to actual people, only to find within a month they were ping-ponging, so to speak, off multiple controlled servers at multiple IPs to attempt the same log-ins. We can detect and block them often, but the root of all of it is insecure or stolen passwords.
Many have already discussed here the importance of updating and changing them. Reality is there was a LOT of nasty code going around that could steal saved passwords. Many viral protection programs did not see it until millions were infected. Infected machines often can no longer be trusted to scan their own files even when viral software is updated to look for it. In short, the definitions need to reach you BEFORE the virus does, or often viral code is smart enough to work right around your efforts. A few get hit, then those visitors got hit and it snowballed worldwide. Some companies swept it under the rug or worked around it, some deny it happened at all. We've been pretty open about it, giving what information we have been able to find as we find it.
In short, to keep from being protected use secure strong passwords, change them periodically (I would never let one go longer than 90 days for anything critical) and work from known clean machines, and chances are you'll skip this type of attack completely. VERY few people are getting hit anymore and I have seen only a few cases of a re-injection, most of which either didn't change passwords, or did not change ALL passwords. Don't forget FTP sub accounts. These are often handed off to a less savvy end user, and seem to get hit far more often than the main FTP.
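The pattern described in the post above (valid FTP credentials used from several source addresses in quick succession) can be looked for in login logs. This is an added example, not part of the original post and not the host's own detection; the log format, account names, window and threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format (not any FTP daemon's real log):
# "<ISO time> <source IP> <OK|FAIL> <account>"
SAMPLE_LOG = """\
2010-03-01T09:00:12 198.51.100.7 OK client1
2010-03-01T09:40:03 198.51.100.7 OK client1
2010-03-02T02:14:07 203.0.113.5 OK client1_sub
2010-03-02T02:14:41 192.0.2.88 OK client1_sub
2010-03-02T02:15:30 198.51.100.200 OK client1_sub
2010-03-02T02:16:02 203.0.113.77 FAIL client1_sub
2010-03-02T11:05:00 198.51.100.7 OK client1
"""

def parse(log_text):
    """Yield (time, ip, ok, account) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield when, parts[1], parts[2] == "OK", parts[3]

def flag_multi_ip_logins(log_text, window=timedelta(minutes=10), max_ips=2):
    """Return {account: sorted IPs} for accounts whose successful logins came
    from more than max_ips distinct addresses inside one sliding window."""
    by_account = defaultdict(list)
    for when, ip, ok, account in parse(log_text):
        if ok:  # only logins where the password was accepted
            by_account[account].append((when, ip))
    flagged = defaultdict(set)
    for account, events in by_account.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # shrink the window until it spans at most `window` of time
            while events[end][0] - events[start][0] > window:
                start += 1
            ips = {ip for _, ip in events[start:end + 1]}
            if len(ips) > max_ips:
                flagged[account] |= ips
    return {account: sorted(ips) for account, ips in flagged.items()}

if __name__ == "__main__":
    for account, ips in flag_multi_ip_logins(SAMPLE_LOG).items():
        print(f"review and reset password for {account}: {', '.join(ips)}")
```

Sub accounts are tracked separately from the main account here, so a compromised sub account stands out even when the main login looks normal.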