Hello Mark, Wednesday, January 17, 2007, 3:08:01 AM, you wrote:
MC> Thankfully I'm on the site via FTP almost every day - and sort MC> directories by date last modified. That is inteded to get me to the MC> active directories that I'm working out of, so when an old directory MC> showed up at the top of the list it made me wonder. You should not use FTP for anything but anonymous access to public sites. It sends your username and password in cleartext. Use SFTP, or secure FTP instead. It uses SSH to transfer files, and unlike standard FTP, it encrypts both commands and data. Do not confuse secure FTP with the Simple File Transfer Protocol, it has the same abbreviation but it is completely different. The functionality of secure FTP is very similar to vanilla FTP with a few additions like creating symlinks and changing file permissions on the remote system. MC> My ISP says that the intruder probably guessed my password. No mention MC> of the user name (which is a unique combination of letters.) They said MC> that the fact that the password was all lower case made is susceptible MC> to being 'guessed') The password was basically just 8 random letters, no MC> numbers or other characters, all lower case, but still just random. Like MC> gossbrom or heplchat. MC> So now I have a password that 1RuM-Pl**StilK()()(SkiNnnN! would be proud MC> of. (Don't try it - not even close - waaaaay too simple.) MC> So - is that explanation plausible? I find it hard to believe that MC> someone could guess that well and wonder if there was some other breach. It is possible but unlikely. In my opinion someone has intercepted your username/password sent in cleartext over the Internet. Having a strong password is good, but if you keep sending it in plaintext then it is pointless:( -- Attila -- PDML Pentax-Discuss Mail List [email protected] http://pdml.net/mailman/listinfo/pdml_pdml.net
