2009/6/27 John <jake...@sky.com>: > Lucy wrote: >> 2009/6/27 John <jake...@sky.com>: >> >>> What is worrying me, is the password was a really strong password, 100 >>> strong according to the password generator, and I was wondering, how >>> they managed to get in. >>> >> >> Did you run any popular software, like Wordpress or phpBB? Otherwise, >> did you have a dynamic website using php or similar? >> >> Did you run FTP or ever type the password using an unsecured >> connection (e.g HTTP). >> >> Was it shared hosting or on a dedicated server? >> >> > Yes I do have both Wordpress and phpbb3 installed. I dont use the ftp > via web connection, but via Filezilla. It is shared hosting. I cant > afford any other. :(
Were Wordpress and phpbb both running the very latest versions? Both pieces of software are well known for having security problems and there are frequent fixes released by the developers. ftp transmits all data in plain text, which means if someone is sniffing (think watching) your Internet connection they can see everything including the password. It's very common on shared hosting and much better to use sftp or scp where it's available. Finally, shared hosting isn't always massively secure. So it's possible, although unlikely (but I don't know the ISP myself) that the sever was compromised some other way. Oh yes, and VPS stands for virtual private server. It's a compromise between shared hosting and a dedicated server, where many virtual servers are installed on one physical machine. You may have come across similar set ups at home with virtualbox or vmware? -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
