If you posted a link to anything on your web space in an HTML web page
as FTP-able, I'm pretty sure the user name and password will show up in
the connection string. (I don't know if that's true of secure HTML but
then again I don't run an FTP site).
Mark Cassino wrote:
> I noticed in the occupations thread that a few folks on this list a
> computer security professionals. I just had a disturbing experience - I
> logged into my web page to find a directory full of crap that I didn't
> put there. (Not to put on airs, but my crap is a a notch above
> "free-ringtones".) Pouring over the directories I found a couple of
> other links to pharm and mortgage sites.
>
> Thankfully I'm on the site via FTP almost every day - and sort
> directories by date last modified. That is inteded to get me to the
> active directories that I'm working out of, so when an old directory
> showed up at the top of the list it made me wonder.
>
> My ISP says that the intruder probably guessed my password. No mention
> of the user name (which is a unique combination of letters.) They said
> that the fact that the password was all lower case made is susceptible
> to being 'guessed') The password was basically just 8 random letters, no
> numbers or other characters, all lower case, but still just random. Like
> gossbrom or heplchat.
>
> So now I have a password that 1RuM-Pl**StilK()()(SkiNnnN! would be proud
> of. (Don't try it - not even close - waaaaay too simple.)
>
> So - is that explanation plausible? I find it hard to believe that
> someone could guess that well and wonder if there was some other breach.
>
> - MCC
>
>
--
--
The more I know of men, the more I like my dog.
-- Anne Louise Germaine de Stael
--
PDML Pentax-Discuss Mail List
[email protected]
http://pdml.net/mailman/listinfo/pdml_pdml.net
