02-23-2004, 08:59 AM
Quote:
Originally posted by raymor
It is possible to hack the older version of Verotel's add/remove password
scripts (verotelrum.pl). People do actively scan for that script,
as evidenced by server logs of sites I have seen.
It is quite possible that the breach occurred through
verotelrum.pl on your server.
Also, due to the way Verotel chooses usernames, Verotel usernames
are good targets for brute force attacks. Pennywize's
brute force detection is broken in so far as it does not account
for open proxies, which most brute force attackers use nowadays.
For optimal security, you should update verotelrum.pl
to the latest version and have a security-aware tech take a
look at your script configuration and related items.
Also you may wish to replace pennydumb's suckurity based
on 1998 methods with something up to date and far more
secure, such as Strongbox.
Good post 
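
An added example, not part of the thread and not code from any product named in it: the quoted point about open proxies, shown as detection logic. It counts failed logins per source IP and per username over the same log; the log lines, the username `member01`, the thresholds and the function names are all constructed for illustration, and the format assumed is Apache combined log format, where the third field carries the username supplied with the request.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# ip, ident, user, [timestamp], "request", status
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) ')

def make_line(ip, user, second, status):
    """Build one constructed access-log line (sample data only)."""
    return (f'{ip} - {user} [23/Feb/2004:08:00:{second:02d} +0000] '
            f'"GET /members/ HTTP/1.0" {status} 401')

# Constructed sample: one username failing from six different addresses
# (one attempt each), plus an ordinary user who mistypes once and then logs in.
SAMPLE = [make_line(f"203.0.113.{i}", "member01", i, 401) for i in range(1, 7)]
SAMPLE += [make_line("198.51.100.9", "bob", 10, 401),
           make_line("198.51.100.9", "bob", 12, 200)]

def per_ip_alerts(lines, limit=5):
    """Per-address counting: the approach that misses proxy-rotated attempts."""
    counts = defaultdict(int)
    for m in filter(None, map(LINE.match, lines)):
        if m.group(4) == "401":
            counts[m.group(1)] += 1
    return {ip for ip, n in counts.items() if n >= limit}

def per_user_alerts(lines, limit=5, min_ips=3, window=timedelta(minutes=10)):
    """Count failures per username in a sliding window, whatever the source IP.
    Returns {username: distinct source addresses seen when last flagged}."""
    recent = defaultdict(deque)          # username -> deque of (time, ip)
    flagged = {}
    for m in filter(None, map(LINE.match, lines)):
        ip, user, ts, status = m.groups()
        if status != "401" or user == "-":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[user]
        q.append((when, ip))
        while when - q[0][0] > window:   # drop attempts older than the window
            q.popleft()
        ips = {addr for _, addr in q}
        if len(q) >= limit and len(ips) >= min_ips:
            flagged[user] = len(ips)
    return flagged

if __name__ == "__main__":
    print("per-IP alerts:  ", per_ip_alerts(SAMPLE))
    print("per-user alerts:", per_user_alerts(SAMPLE))
```

On the sample, no single address reaches the per-IP limit, while the per-username view flags the account that is being tried from many addresses.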