Fwd: JUST GOT HACKED

Νίκος nikos.gr33k at gmail.com
Tue Oct 1 09:58:15 EDT 2013


On 1/10/2013 4:56 PM, Chris “Kwpolska” Warrick wrote:
> Why is this list not setting Reply-To correctly again?
>
> ---------- Forwarded message ----------
> From: Chris “Kwpolska” Warrick <kwpolska at gmail.com>
> Date: Tue, Oct 1, 2013 at 3:55 PM
> Subject: Re: JUST GOT HACKED
> To: Νίκος <nikos.gr33k at gmail.com>
>
>
> On Tue, Oct 1, 2013 at 3:42 PM, Νίκος <nikos.gr33k at gmail.com> wrote:
>> On 1/10/2013 4:27 PM, Chris “Kwpolska” Warrick wrote:
>>>
>>> On Tue, Oct 1, 2013 at 3:15 PM, Νίκος <nikos.gr33k at gmail.com> wrote:
>>>>
>>>> On 1/10/2013 4:06 PM, Mark Lawrence wrote:
>>>>>
>>>>>
>>>>> On 01/10/2013 10:58, Νίκος wrote:
>>>>>>
>>>>>>
>>>>>> Just logged in via FTP to my server and I saw an uploaded file named
>>>>>> "Warnign html"
>>>>>>
>>>>>> Contents were:
>>>>>>
>>>>>> WARNING
>>>>>>
>>>>>> I am incompetent. Do not hire me!
>>>>>>
>>>>>> Question:
>>>>>>
>>>>>> WHO AND MOST IMPORTANTLY HOW DID HE MANAGE TO UPLOAD THIS FILE ON MY
>>>>>> ACCOUNT?
>>>>>>
>>>>>> PLEASE ANSWER ME, I WON'T GET MAD, BUT THIS IS AN IMPORTANT SECURITY
>>>>>> RISK.
>>>>>>
>>>>>> SOMEONE MUST HAVE ACCESS TO MY ACCOUNT, DOES THE SOURCE CODE OF MY
>>>>>> MAIN
>>>>>> PYTHON SCRIPT APPEAR SOMEPLACE AGAIN?!?!
>>>>>
>>>>>
>>>>>
>>>>> Would you please stop posting, I've almost burst my stomach laughing at
>>>>> this.  You definitely have a ready-made career writing comedy.
>>>>
>>>>
>>>>
>>>> Okay smartass,
>>>>
>>>> Try to do it again, if you are successful again I'll even congratulate
>>>> you
>>>> myself.
>>>>
>>>> --
>>>> https://mail.python.org/mailman/listinfo/python-list
>>>
>>>
>>> It looks like you are accusing someone of doing something without any
>>> proof whatsoever.  Would you like help with the fallout of the lawsuit
>>> that I hope Mark might (should!) come up with?
>>>
>>>
>>> Speaking of “try again”, I doubt it would be hard…  As long as an FTP
>>> daemon is running somewhere (and you clearly do not know better); or
>>> even if you have an SSH daemon and you do not know better, an attacker
>>> can:
>>>
>>> a) wait for you to publish your password yet again;
>>> b) get you to download an exploit/keylogger/whatever;
>>> c) brute-force.
>>>
>>> Well, considering it’s unlikely you actually have a long-as-shit
>>> password, (c) is the best option.  Unless your password is very long,
>>> in which case it is not.
>>>
>>> I’m also wondering what language your password is in.  If you actually
>>> used a Greek phrase, how long will it take you to get locked out due
>>> to encoding bullshit?
>>
>>
>> Like I use Greek letters for my passwords
>
> Did you know that you just lowered the number of characters an
> attacker should check while brute-forcing your password from 256/164
> (UTF-*/ISO-8859-7) to just 95?  No?  Congratulations anyways, Nikos!

Yes, I am aware of that, I am helping you as you see.
Brute force then, after a few failed attempts you will be forbidden to
even try a new connection.



