Why is this list not setting Reply-To correctly again?

---------- Forwarded message ----------
From: Chris “Kwpolska” Warrick <kwpol...@gmail.com>
Date: Tue, Oct 1, 2013 at 3:55 PM
Subject: Re: JUST GOT HACKED
To: Νίκος <nikos.gr...@gmail.com>

On Tue, Oct 1, 2013 at 3:42 PM, Νίκος <nikos.gr...@gmail.com> wrote:
> On 1/10/2013 4:27 PM, Chris “Kwpolska” Warrick wrote:
>>
>> On Tue, Oct 1, 2013 at 3:15 PM, Νίκος <nikos.gr...@gmail.com> wrote:
>>>
>>> On 1/10/2013 4:06 PM, Mark Lawrence wrote:
>>>>
>>>> On 01/10/2013 10:58, Νίκος wrote:
>>>>>
>>>>> Just logged in via FTP to my server and I saw an uploaded file named
>>>>> "Warnign html"
>>>>>
>>>>> Contents were:
>>>>>
>>>>> WARNING
>>>>>
>>>>> I am incompetent. Do not hire me!
>>>>>
>>>>> Question:
>>>>>
>>>>> WHO AND MOST IMPORTANTLY HOW DID HE MANAGE TO UPLOAD THIS FILE ON MY
>>>>> ACCOUNT?
>>>>>
>>>>> PLEASE ANSWER ME, I WON'T GET MAD, BUT THIS IS AN IMPORTANT SECURITY
>>>>> RISK.
>>>>>
>>>>> SOMEONE MUST HAVE ACCESS TO MY ACCOUNT, DOES THE SOURCE CODE OF MY
>>>>> MAIN PYTHON SCRIPT APPEAR SOMEPLACE AGAIN?!?!
>>>>
>>>> Would you please stop posting, I've almost burst my stomach laughing at
>>>> this. You definitely have a ready made career writing comedy.
>>>
>>> Okay smartass,
>>>
>>> Try to do it again, if you are successful again I'll even congratulate
>>> you myself.
>>>
>>> --
>>> https://mail.python.org/mailman/listinfo/python-list
>>
>> It looks like you are accusing someone of doing something without any
>> proof whatsoever. Would you like help with the fallout of the lawsuit
>> that I hope Mark might (should!) come up with?i'am
>>
>> Speaking of “try again”, I doubt it would be hard… As long as an FTP
>> daemon is running somewhere (and you clearly do not know better); or
>> even you have an SSH daemon and you do not know better, an attacker
>> can:
>>
>> a) wait for you to publish your password yet again;
>> b) get you to download an exploit/keylogger/whatever;
>> c) brute-force.
>>
>> Well, considering it’s unlikely you actually have a long-as-shit
>> password, (c) is the best option. Unless your password is very long,
>> in which case it is not.
>>
>> I’m also wondering what language your password is in. If you actually
>> used a Greek phrase, how long will it take you to get locked out due
>> to encoding bullshit?
>
> Like I use Greek letters for my passwords

Did you know that you just lowered the amount of characters an attacker should check while brute-forcing your password from 256/164 (UTF-*/ISO-8859-7) to just 95? No? Congratulations anyways, Nikos!

--
Chris “Kwpolska” Warrick <http://kwpolska.tk>
PGP: 5EAAEA16
stop html mail | always bottom-post | only UTF-8 makes sense