On 7/27/06, Zed Shaw <[EMAIL PROTECTED]> wrote:
> <snip>
>
> Wow, look at all those wonderful usernames I can use to hack that box.
> Now if I can just find the right server I could be in there like
> swimwear.

Especially since those pesky Capistrano config/deploy.rb files have all the passwords in there for you. And, with .ssh_keys on most of our boxes, it would only take one to get 'em all!

Our servers are constantly polled by programs searching for random username/password combinations (the message log is filled with attempts for common usernames), and just the other day we had some program polling our app for FrontPage (gasp! who still uses those) extension DLLs and crazy large postings of \x000 \x000 characters to one of our forms for buffer exploits. Mongrel handled 'em fine.

Maybe it's time to move ssh up to a different port?

It's a wild world out there y'all. ;-)

p.s. the username on our box got cut off, it's highgroove_deploy for all the hackers out there...

--
Charles Brian Quinn
www.seebq.com
_______________________________________________
Mongrel-users mailing list
[email protected]
http://rubyforge.org/mailman/listinfo/mongrel-users
