vBulletin vandals and the wisdom of randomly generated passwords

This is a discussion on vBulletin vandals and the wisdom of randomly generated passwords within the A Brief History of Cprogramming.com forums, part of the Community Boards category.

  1. #1
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,189

    vBulletin vandals and the wisdom of randomly generated passwords

    Just finished fixing my VB site after some kid apparently hacked into the ftp server and posted broken scripts touting the virtues of natural male enhancements into every directory. At first I thought it was a security flaw in VB itself, but then I noticed files in the secure directories too. Also, as soon as I would fix the files, they would be broken again. So I just changed the FTP password to a random string of 50 digits and the problem has apparently ceased.

    If you need random passwords, this is the place I use -

    random.org
    Until you can build a working general purpose reprogrammable computer out of basic components from radio shack, you are not fit to call yourself a programmer in my presence. This is cwhizard, signing off.

  2. #2
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,171
    The server isn't even using https, though, so the random string is sent in plain-text.

    If the FTP server was hacked (as opposed to, he guessed the password), couldn't he hack it again?

    If he did guess the password, perhaps fail2ban will help? (assuming UNIX/Linux server)

  3. #3
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,189
    That would be up to the webhost service I use. I am assuming that my password was simply not that difficult and that improving it will solve the problem in the future. Random.org has a secure version if you want to use https.
    Until you can build a working general purpose reprogrammable computer out of basic components from radio shack, you are not fit to call yourself a programmer in my presence. This is cwhizard, signing off.
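
Post #2 suggests fail2ban against password guessing. As an added illustration that is not part of the thread, this Python sketch shows the kind of check such a tool automates: counting failed FTP logins per client inside a sliding time window. The vsftpd-style log format, the sample lines and the names `max_retry` and `find_time` are assumptions; the thread does not say which FTP daemon the web host runs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in vsftpd's log style (assumption: the thread does
# not name the FTP daemon). All addresses are documentation ranges.
SAMPLE_LOG = """\
Mon Jun  4 10:15:01 2012 [pid 2101] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Jun  4 10:15:03 2012 [pid 2102] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Jun  4 10:15:04 2012 [pid 2103] [webuser] OK LOGIN: Client "198.51.100.7"
Mon Jun  4 10:15:06 2012 [pid 2104] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Jun  4 10:15:09 2012 [pid 2105] [root] FAIL LOGIN: Client "192.0.2.10"
Mon Jun  4 10:40:00 2012 [pid 2110] [webuser] FAIL LOGIN: Client "198.51.100.7"
Mon Jun  4 11:30:00 2012 [pid 2111] [webuser] FAIL LOGIN: Client "198.51.100.7"
"""

# The first 24 characters are the timestamp; only failed logins are matched.
LINE_RE = re.compile(
    r'^(?P<ts>.{24}) \[pid \d+\] \[(?P<user>[^\]]*)\] '
    r'FAIL LOGIN: Client "(?P<ip>[^"]+)"'
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: timestamp of the failure that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        window = recent[m["ip"]]
        window.append(when)
        # Forget failures older than find_time relative to the newest one, so
        # an occasional typo by a legitimate user never adds up to a ban.
        while when - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry and m["ip"] not in offenders:
            offenders[m["ip"]] = when
    return offenders

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the failure threshold at {when}; candidate for a ban")
```

A long random password makes each guess in such a burst far less likely to succeed; rate-limiting of this kind caps how many guesses a client gets at all.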
