Quote:
Originally Posted by PornoMonster
Back in the old days, hackers would hack the ccbill file. I thought this was taken care of, but yes, I use to find my entire user/pass lists on boards.
NO it was not my server hacked, I did extensive research on how people would crack the ccbill files. I have not heard about it in a long time, so I figured it was over.
|
What they did was find the CCBill log file, which contained usernames but no passwords. They'd then compare those usernames against a list of previously cracked u/p pairs, for a more effective brute force attack. This shouldn't be happening now if your site was set up properly.
Hackers can still get your htpasswd file, which can be located anywhere. It's important that it located above the document root, and that you have no scripts running anywhere on your site that can return arbitrary files. Best to put the htpasswd file in an unusual location, and name it something unique. Consider using a stronger encryption on your htpasswd file, and to require customers to use passwords at least nine characters long (or provide them random usernames and passwords - but not the insanely unusable ones CCBill offers; use the passgen utility that Strongbox offers).
If you get confirmation emails be sure your email is secure. If your email account has been hacked they can look at all the confirmations, which by default have the username and password in them.