> Date: Mon, 20 Apr 2009 10:52:57 -0700 > From: Paul Ferguson <fergdawgs...@gmail.com> > > On Mon, Apr 20, 2009 at 10:40 AM, Nick Chapman <nicknetwo...@gmail.com> > wrote: > > > On Mon, Apr 20, 2009 at 12:47 PM, Neil <kngsp...@gmail.com> wrote: > > >> > >> But if you figure out how they got write access to a static website, I'd > >> love to hear it. > > > > > > Compromised FTP credentials would be my guess. They can be obtained > > by brute force attacks or credential stealing trojans. > > > > Yeah, it could have been any number of ways -- there has also been a huge > increase of SSH brute-force attacks in the past few weeks: > > https://isc.sans.org/diary.html?storyid=6214
And, from several reports (including my own), they (brute force ssh attacks) seem to have stopped at about 22:30 UTC on the 19th. (Not that this is really relevant to the thread.) -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: ober...@es.net Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751