Doug Franklin wrote:
> Mark Cassino wrote:
>
>> So - is that explanation plausible? I find it hard to believe that
>> someone could guess that well and wonder if there was some other breach.
>
> Hmmm. To me, that sounds plausible, *if* they have really lax security
> settings in their network. For example, any decent Intrusion Detection
> System (IDS), or even a sysadmin poring over Snort logs, ought to be
> able to spot an attempt to "brute force" an account. From your
> description, it sounds like either /really/ lucky guessing or a brute
> force attack (keep trying every possible combination until something works).
>
> Or, more insidious, and probably more likely, one or more of your
> computers might be infected with a key logger. How recent are your
> anti-virus signatures? When was the last time you did a full system
> scan? When was the last time you did a spyware scan? Did you use at
> least two (preferably three) anti-spyware scanners?
>

I highly doubt that they're running any sort of IDS. Most webhost setups are fairly low margin and not running that sort of security. In fact, a discrete hardware firewall is beyond many.

With an all-lowercase password (ugh, massively insecure) and the usual lack of account lockout for bad passwords (causes too many support calls from web customers, who typically aren't very technical), the password was more than likely brute-forced. There are ways around this, of course, but most webhosts don't have the time, clue or money to implement them.

-Adam
Security type for MCI Canada.

--
PDML Pentax-Discuss Mail List
PDML@pdml.net
http://pdml.net/mailman/listinfo/pdml_pdml.net
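
The brute-force spotting and account lockout discussed in this thread, as an added example that is not part of either message: a sliding-window failed-login counter that raises an alert and locks the account. The log format, threshold, window, lockout duration, account names and addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, account, source address, result.
SAMPLE_LOG = """\
2024-01-01T09:58:00 alice 192.0.2.10 FAIL
2024-01-01T09:58:20 alice 192.0.2.10 OK
2024-01-01T10:00:00 webuser 203.0.113.5 FAIL
2024-01-01T10:00:02 webuser 203.0.113.5 FAIL
2024-01-01T10:00:04 webuser 203.0.113.5 FAIL
2024-01-01T10:00:06 webuser 203.0.113.5 FAIL
2024-01-01T10:00:08 webuser 203.0.113.5 FAIL
2024-01-01T10:00:10 webuser 203.0.113.5 FAIL
2024-01-01T10:00:12 webuser 203.0.113.5 OK
"""

THRESHOLD = 5                      # failures that trigger a lockout (assumed)
WINDOW = timedelta(minutes=1)      # period in which failures are counted (assumed)
LOCKOUT = timedelta(minutes=15)    # how long the account stays locked (assumed)


def analyze(log_text, threshold=THRESHOLD, window=WINDOW, lockout=LOCKOUT):
    """Return (alerts, rejected).

    alerts:   (timestamp, account, source) for each lockout that was triggered.
    rejected: log entries refused because the account was locked at the time.
    """
    failures = defaultdict(deque)  # account -> timestamps of recent failures
    locked_until = {}              # account -> time the lockout expires
    alerts, rejected = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, account, source, result = line.split()
        ts = datetime.fromisoformat(stamp)
        # While locked, every attempt is refused, even a correct password.
        if account in locked_until and ts < locked_until[account]:
            rejected.append((stamp, account, source, result))
            continue
        if result == "OK":
            failures[account].clear()  # a good login resets the counter
            continue
        recent = failures[account]
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()           # drop failures older than the window
        if len(recent) >= threshold:
            locked_until[account] = ts + lockout
            alerts.append((stamp, account, source))
            recent.clear()
    return alerts, rejected
```

On the constructed log, the single mistyped password for `alice` raises nothing, while the run against `webuser` triggers one lockout, and the correct guess that arrives during the lockout is refused.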