Hacked - FreeBSD 7.1-Release
Andresen, Jason R.
jandrese at mitre.org
Tue Dec 22 20:17:22 UTC 2009
Squirrel wrote:
>most likely could be some kind of remote code execution or SQLi executed
>in the context of some php scripts, you should audit php code of your
>web interface and of the websites you host.
>also consider the strenght of your passwords, lots of login attempts to
>ssh/ftp may mean a he has tried a bruteforce (or a dictionary attack
>maybe). you should also check webmin logs, there are a few bruteforcer
>for webmin out there, (*hint*) consider the lenght of your average
>password if it's more than 7-8 characters aplhanumeric with simbols most
>likely this isn't the case.
While it's true that it's a good idea to check your password strength, pretty much any host connected to the internet is going to be hit daily by bots looking for weak passwords. It's one area where you logs don't help much because there is too much noise.
More information about the freebsd-stable
mailing list