Thread: vBulletin vandals and the wisdom of randomly generated passwords

  1. #1
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,195

    vBulletin vandals and the wisdom of randomly generated passwords

    Just finished fixing my VB site after some kid apparently hacked into the ftp server and posted broken scripts touting the virtues of natural male enhancements into every directory. At first I thought it was a security flaw in VB itself, but then I noticed files in the secure directories too. Also, as soon as I would fix the files, they would be broken again. So I just changed the FTP password to a random string of 50 digits and the problem has apparently ceased.

    If you need random passwords, this is the place I use -

    random.org

  2. #2
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,215
    The server isn't even using https, though, so the random string is sent in plain-text.

    If the FTP server was hacked (as opposed to, he guessed the password), couldn't he hack it again?

    If he did guess the password, perhaps fail2ban will help? (assuming UNIX/Linux server)

  3. #3
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,195
    That would be up to the webhost service I use. I am assuming that my password was simply not that difficult and that improving it will solve the problem in the future. Random.org has a secure version if you want to use https.
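
The failure-counting idea behind the fail2ban suggestion in post #2, as an added example that is not part of the original thread and is not fail2ban's own code. It assumes vsftpd-style log lines (the thread does not name the FTP daemon), uses constructed sample data, and the function name `offenders` is hypothetical; `maxretry` and `findtime` mirror the fail2ban options of the same names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in vsftpd's log style (an assumption; the thread
# does not say which FTP daemon the web host runs).
SAMPLE_LOG = """\
Mon Apr  7 10:00:01 2008 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Apr  7 10:00:03 2008 [pid 2102] [admin] FAIL LOGIN: Client "203.0.113.9"
Mon Apr  7 10:00:04 2008 [pid 2103] [site] OK LOGIN: Client "198.51.100.7"
Mon Apr  7 10:00:06 2008 [pid 2104] [root] FAIL LOGIN: Client "203.0.113.9"
Mon Apr  7 10:05:00 2008 [pid 2105] [site] FAIL LOGIN: Client "198.51.100.7"
Mon Apr  7 10:30:00 2008 [pid 2106] [site] FAIL LOGIN: Client "198.51.100.7"
Mon Apr  7 10:55:00 2008 [pid 2107] [site] FAIL LOGIN: Client "198.51.100.7"
"""

FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] FAIL LOGIN: Client "(?P<ip>[^"]+)"'
)


def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time the ban would trigger} for IPs that reach
    maxretry failed logins inside a sliding window of length findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m["ip"] in banned:
            continue              # successful logins and banned IPs are skipped
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned[m["ip"]] = ts
    return banned


if __name__ == "__main__":
    # Three failures in five seconds trigger a ban; the occasional failures
    # from the address that also logs in successfully do not.
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"ban {ip} at {when}")
```

A ban of this kind only limits how fast passwords can be tried, so it complements the stronger FTP password from post #1 rather than replacing it.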
