[ubuntu-uk] Website Hacked.....
lucybridges at gmail.com
Sat Jun 27 17:51:32 BST 2009
2009/6/27 John <jakewc2 at sky.com>:
> Lucy wrote:
>> 2009/6/27 John <jakewc2 at sky.com>:
>>> What is worrying me, is the password was a really strong password, 100
>>> strong according to the password generator, and I was wondering, how
>>> they managed to get in.
>> Did you run any popular software, like Wordpress or phpBB? Otherwise,
>> did you have a dynamic website using php or similar?
>> Did you run FTP or ever type the password using an unsecured
>> connection (e.g HTTP).
>> Was it shared hosting or on a dedicated server?
> Yes I do have both Wordpress and phpbb3 installed. I dont use the ftp
> via web connection, but via Filezilla. It is shared hosting. I cant
> afford any other. :(
Were Wordpress and phpbb both running the very latest versions? Both
pieces of software are well known for having security problems and
there are frequent fixes released by the developers.
ftp transmits all data in plain text, which means if someone is
sniffing (think watching) your Internet connection they can see
everything including the password. It's very common on shared hosting
and much better to use sftp or scp where it's available.
Finally, shared hosting isn't always massively secure. So it's
possible, although unlikely (but I don't know the ISP myself) that the
sever was compromised some other way.
Oh yes, and VPS stands for virtual private server. It's a compromise
between shared hosting and a dedicated server, where many virtual
servers are installed on one physical machine. You may have come
across similar set ups at home with virtualbox or vmware?
More information about the ubuntu-uk