vBulletin vandals and the wisdom of randomly generated passwords



abachler
12-08-2008, 03:20 PM
Just finished fixing my VB site after some kid apparently hacked into the FTP server and posted broken scripts touting the virtues of natural male enhancements into every directory. At first I thought it was a security flaw in VB itself, but then I noticed files in the secure directories too. Also, as soon as I would fix the files, they would be broken again. So I just changed the FTP password to a random string of 50 digits and the problem has apparently ceased.

If you need random passwords, this is the place I use -

random.org (http://www.random.org/strings/?num=10&len=20&digits=on&loweralpha=on&unique=on&format=html&rnd=new)

cyberfish
12-08-2008, 05:00 PM
The server isn't even using https, though, so the random string is sent in plain-text.

If the FTP server was hacked (as opposed to, he guessed the password), couldn't he hack it again?

If he did guess the password, perhaps fail2ban will help? (assuming UNIX/Linux server)
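
Added example, not part of the original thread: a sketch of the check fail2ban automates, which also answers the "was the password guessed?" question from the FTP log. It assumes vsftpd-style log lines (the thread never names the FTP server); the sample lines are constructed, and `max_retry` / `find_time` are hypothetical parameter names modelled on fail2ban's `maxretry` / `findtime`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in vsftpd's log style (assumed server; not from the thread).
SAMPLE_LOG = """\
Mon Dec  8 13:50:00 2008 [pid 2090] [site] FAIL LOGIN: Client "198.51.100.23"
Mon Dec  8 13:50:30 2008 [pid 2091] [site] OK LOGIN: Client "198.51.100.23"
Mon Dec  8 14:01:02 2008 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Dec  8 14:01:05 2008 [pid 2102] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Dec  8 14:01:09 2008 [pid 2103] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Dec  8 14:01:12 2008 [pid 2104] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Dec  8 14:01:16 2008 [pid 2105] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Dec  8 14:01:20 2008 [pid 2106] [admin] OK LOGIN: Client "203.0.113.7"
Mon Dec  8 14:02:00 2008 [pid 2108] [admin] OK UPLOAD: Client "203.0.113.7", "/index.php", 512 bytes, 4.10Kbyte/sec
"""

LINE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

def analyse(log, max_retry=5, find_time=timedelta(minutes=10)):
    """Return (ban, guessed): IPs with max_retry failed logins inside find_time,
    and (ip, user) pairs where a login succeeded after such a burst."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    ban, guessed = set(), set()
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # transfers and other non-login lines
        # Collapse the padded day ("Dec  8") before parsing.
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        window = recent[m["ip"]]
        while window and ts - window[0] > find_time:
            window.popleft()  # failure is older than the window
        if m["result"] == "FAIL":
            window.append(ts)
            if len(window) >= max_retry:
                ban.add(m["ip"])
        elif m["ip"] in ban:
            # Success right after a burst of failures: the password was likely guessed.
            guessed.add((m["ip"], m["user"]))
    return ban, guessed

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

An empty `guessed` set on the real log would point away from password guessing and toward the other possibility raised above, a compromise of the server or of the credentials in transit.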

abachler
12-08-2008, 05:27 PM
That would be up to the webhost service I use. I am assuming that my password was simply not that difficult and that improving it will solve the problem in the future. Random.org has a secure version if you want to use https.