JUST GOT HACKED

[Chris “Kwpolska” Warrick]

On Tue, Oct 1, 2013 at 3:15 PM, Νίκος <nikos.gr33k at gmail.com> wrote:
> Στις 1/10/2013 4:06 μμ, ο/η Mark Lawrence έγραψε:
>>
>> On 01/10/2013 10:58, Νίκος wrote:
>>>
>>> Just logged in via FTP to my server and i saw an uploade file named
>>> "Warnign html"
>>>
>>> Contents were:
>>>
>>> WARNING
>>>
>>> I am incompetent. Do not hire me!
>>>
>>> Question:
>>>
>>> WHO AND MOST IMPORTNTANLY HOW DID HE MANAGED TO UPLOAD THIS FILE ON MY
>>> ACCOUNT?
>>>
>>> PLEASE ANSWER ME, I WONT GET MAD, BUT THIS IS AN IMPORTANT SECURITY RISK.
>>>
>>> SOMEONES MUST HAVE ACCESS TO MY ACCOUNT, DOES THE SOURCE CODE OF MY MAIN
>>> PYTHON SCRIPT APPEARS SOMEPLACE AGAIN?!?!
>>
>>
>> Would you please stop posting, I've almost burst my stomach laughing at
>> this.  You definetely have a ready made career writing comedy.
>
>
> Okey smartass,
>
> Try to do it again, if you be successfull again i'll even congratulate you
> myself.
>
> --
> https://mail.python.org/mailman/listinfo/python-list

It looks like you are accusing someone of doing something without any
proof whatsoever.  Would you like help with the fallout of the lawsuit
that I hope Mark might (should!) come up with?

Speaking of “try again”, I doubt it would be hard…  As long as a FTP
daemon is running somewhere (and you clearly do not know better); or
even you have a SSH daemon and you do not know better, an attacker
can:

a) wait for you to publish your password yet again;
b) get you to download an exploit/keylogger/whatever;
c) brute-force.

Well, considering it’s unlikely you actually have a long-as-shit
password, (c) is the best option.  Unless your password is very long,
in which case is not.

I’m also wondering what language your password is in.  If you actually
used a Greek phrase, how long will it take you to get locked out due
to encoding bullshit?

-- 
Chris “Kwpolska” Warrick <http://kwpolska.tk>
PGP: 5EAAEA16
stop html mail | always bottom-post | only UTF-8 makes sense