JUST GOT HACKED

Tue Oct 1 09:57:44 EDT 2013

On Tue, 01 Oct 2013 16:42:31 +0300, Νίκος wrote:

> Στις 1/10/2013 4:27 μμ, ο/η Chris “Kwpolska” Warrick έγραψε:
>> On Tue, Oct 1, 2013 at 3:15 PM, Νίκος <nikos.gr33k at gmail.com> wrote:
>>> Στις 1/10/2013 4:06 μμ, ο/η Mark Lawrence έγραψε:
>>>>
>>>> On 01/10/2013 10:58, Νίκος wrote:
>>>>>
>>>>> Just logged in via FTP to my server and i saw an uploade file named
>>>>> "Warnign html"
>>>>>
>>>>> Contents were:
>>>>>
>>>>> WARNING
>>>>>
>>>>> I am incompetent. Do not hire me!
>>>>>
>>>>> Question:
>>>>>
>>>>> WHO AND MOST IMPORTNTANLY HOW DID HE MANAGED TO UPLOAD THIS FILE ON
>>>>> MY ACCOUNT?
>>>>>
>>>>> PLEASE ANSWER ME, I WONT GET MAD, BUT THIS IS AN IMPORTANT SECURITY
>>>>> RISK.
>>>>>
>>>>> SOMEONES MUST HAVE ACCESS TO MY ACCOUNT, DOES THE SOURCE CODE OF MY
>>>>> MAIN PYTHON SCRIPT APPEARS SOMEPLACE AGAIN?!?!
>>>>
>>>>
>>>> Would you please stop posting, I've almost burst my stomach laughing
>>>> at this.  You definetely have a ready made career writing comedy.
>>>
>>>
>>> Okey smartass,
>>>
>>> Try to do it again, if you be successfull again i'll even congratulate
>>> you myself.
>>>
>>> --
>>> https://mail.python.org/mailman/listinfo/python-list
>>
>> It looks like you are accusing someone of doing something without any
>> proof whatsoever.  Would you like help with the fallout of the lawsuit
>> that I hope Mark might (should!) come up with?i'am
>>
>> Speaking of “try again”, I doubt it would be hard…  As long as a FTP
>> daemon is running somewhere (and you clearly do not know better); or
>> even you have a SSH daemon and you do not know better, an attacker can:
>>
>> a) wait for you to publish your password yet again;
>> b) get you to download an exploit/keylogger/whatever;
>> c) brute-force.
>>
>> Well, considering it’s unlikely you actually have a long-as-shit
>> password, (c) is the best option.  Unless your password is very long,
>> in which case is not.
>>
>> I’m also wondering what language your password is in.  If you actually
>> used a Greek phrase, how long will it take you to get locked out due to
>> encoding bullshit?
> 
> Like i use grek letter for my passwords or like i'am gonna fall for any
> of your 3 dumbass reasons.
> 
> I already foudn the weakness and corrected it.

i hope whoever is taking on your roll has a better basic understating of 
programming & systems administration.

good luck with you new career

-- 
This place just isn't big enough for all of us.  We've got to find a way
off this planet.