Posted to rec.crafts.metalworking
Jon Elson

BEWARE! PHishing Expedition!

Al Patrick wrote:
I received an email from this morning using the
subject of "Dear webmail Users", with the following contents:

Yeah, my server got hacked a few weeks ago and they put up a fake web
page from a Madrid (yes, Spain) bank. They'd been working very covertly
for a week setting it up after initially penetrating the system. Then,
I get an email from RSA Security asking me to take down the page. A
couple of hours later, I get a phone call from my ISP, and can tell them
I've already removed the offending page, and am trying to secure the
system better.

(System is Linux, running an SMTP server and Apache.) I had added the
denyhosts program, and thought that was enough. (It scans for multiple
login failures from the same IP (even if different user names) and puts
those IPs into the hosts.deny file, so, to the offending user, it
appears that you just pulled your network plug: no pings, no response
at all.) Well, if you have a stable of several HUNDRED compromised
hosts, you can still focus an attack on a system, by only making a
couple of attempts from each IP until the system log file rolls over. I
hadn't thought of that gambit, or that capability. It took them several
months to compromise my system. I've severely cut down the number of
login attempts permitted, such that I sometimes even lock myself out!
I also made the password even harder to guess, essentially gibberish!
And, also removed the root account and made it something else. What a
pain! They do seem to have given up for the moment.

I'm looking at authentication schemes. Something where, AFTER you give
a valid username and password, it then sends you some kind of challenge,
and you have to do something non-obvious and send back a response based
on the challenge, or you get kicked off.

Somebody really ought to go hang these *******s!

Jon
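The evasion Jon describes (a couple of attempts per bot, hundreds of bots, each staying under the per-IP threshold until the log rotates) is invisible to a per-source blocker but easy to see once failures are counted per target account across distinct source IPs over a window longer than the log rotation. The script below is an added example, not Jon's code or part of denyhosts; it assumes OpenSSH's standard "Failed password" syslog line format, a caller-supplied year (syslog stamps omit it), and threshold and window values (5 per IP, 20 failures from 10 or more sources within 3 days) that are assumptions to be tuned per host. The log lines it runs on are constructed for the example, not real traffic.

```python
"""Spot a distributed, low-and-slow SSH guessing campaign in sshd logs.

A per-source rule (the denyhosts model: N failures from one IP, then
block) never fires when each of several hundred bots makes only a couple
of attempts. Aggregating failures per *target account* across distinct
source IPs over a window longer than the log rotation does.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH "Failed password" line as syslog writes it (no year in the stamp).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_failed_logins(lines, year=2009):
    """Return (timestamp, target_user, source_ip) for each failed login line.

    Syslog omits the year, so the caller supplies it (assumed here).
    """
    events = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # not a failed-password line; ignore
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def per_ip_blocks(events, threshold=5):
    """What a per-source blocker sees: IPs with at least `threshold` failures."""
    counts = defaultdict(int)
    for _, _, ip in events:
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def distributed_campaigns(events, window=timedelta(days=3),
                          min_failures=20, min_sources=10):
    """Flag accounts hit by many failures from many distinct IPs in one window.

    Returns {user: (failures, distinct_sources)} for the busiest window that
    meets both thresholds. Thresholds and window are assumed values; tune
    them to the host's normal traffic.
    """
    by_user = defaultdict(list)
    for ts, user, ip in events:
        by_user[user].append((ts, ip))

    flagged = {}
    for user, attempts in by_user.items():
        attempts.sort()
        start = 0
        best = None
        for end in range(len(attempts)):
            # Slide the window start forward until the span fits in `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            span = attempts[start:end + 1]
            sources = {ip for _, ip in span}
            if len(span) >= min_failures and len(sources) >= min_sources:
                if best is None or len(span) > best[0]:
                    best = (len(span), len(sources))
        if best:
            flagged[user] = best
    return flagged


def build_sample_log():
    """Constructed sample auth.log: 40 bots (192.0.2.1-40) each try 'root'
    twice, spaced ~70 minutes apart across two days, plus one noisy host
    that hammers 'admin' six times. None of this is real traffic."""
    lines = []
    t0 = datetime(2009, 3, 1, 0, 0, 0)

    def fmt(ts):
        # syslog style: month, space-padded day, time
        return f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"

    for i in range(40):
        ip = f"192.0.2.{i + 1}"
        for k in range(2):
            ts = t0 + timedelta(minutes=70 * i, seconds=30 * k)
            lines.append(f"{fmt(ts)} myhost sshd[{1000 + i}]: Failed password "
                         f"for root from {ip} port {40000 + k} ssh2")
    for k in range(6):
        ts = t0 + timedelta(hours=5, seconds=10 * k)
        lines.append(f"{fmt(ts)} myhost sshd[2000]: Failed password for "
                     f"invalid user admin from 198.51.100.9 port 5000 ssh2")
    return lines


if __name__ == "__main__":
    events = parse_failed_logins(build_sample_log())
    print("per-IP blocks (denyhosts view):", per_ip_blocks(events))
    print("distributed campaigns:", distributed_campaigns(events))
```

On the constructed log the per-IP view blocks only the one noisy host, while the 40 bots making two guesses each at root never cross the per-IP threshold; the per-account view flags root with 80 failures from 40 distinct sources. The counts must live somewhere that outlives log rotation (a small state file or database), since relying on the current log file is exactly what the attackers were counting on.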