X-Received: by 10.182.53.165 with SMTP id c5mr228034obp.0.1381243905955; Tue, 08 Oct 2013 07:51:45 -0700 (PDT) X-Received: by 10.49.40.168 with SMTP id y8mr4918qek.42.1381243905916; Tue, 08 Oct 2013 07:51:45 -0700 (PDT) Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.glorb.com!npeer01.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!i2no2536464qav.0!news-out.google.com!9ni21544qaf.0!nntp.google.com!i2no2536463qav.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail Newsgroups: comp.lang.python Date: Tue, 8 Oct 2013 07:51:45 -0700 (PDT) In-Reply-To: Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=66.31.214.79; posting-account=FNXnfgoAAAC2RodSBmZi96lZHTjJOWX- NNTP-Posting-Host: 66.31.214.79 References: User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: Subject: Re: JUST GOT HACKED From: Pat Johnson Injection-Date: Tue, 08 Oct 2013 14:51:45 +0000 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Received-Bytes: 4374 Xref: csiph.com comp.lang.python:56409 I don't think you are allowed to use the word dumbass to describe anyone or= anything buddy. On Tuesday, October 1, 2013 9:42:31 AM UTC-4, Ferrous Cranus wrote: > =CE=A3=CF=84=CE=B9=CF=82 1/10/2013 4:27 =CE=BC=CE=BC, =CE=BF/=CE=B7 Chris= =E2=80=9CKwpolska=E2=80=9D Warrick =CE=AD=CE=B3=CF=81=CE=B1=CF=88=CE=B5: >=20 > > On Tue, Oct 1, 2013 at 3:15 PM, =CE=9D=CE=AF=CE=BA=CE=BF=CF=82 wrote: >=20 > >> =CE=A3=CF=84=CE=B9=CF=82 1/10/2013 4:06 =CE=BC=CE=BC, =CE=BF/=CE=B7 Ma= rk Lawrence =CE=AD=CE=B3=CF=81=CE=B1=CF=88=CE=B5: >=20 > >>> >=20 > >>> On 01/10/2013 10:58, =CE=9D=CE=AF=CE=BA=CE=BF=CF=82 wrote: >=20 > >>>> >=20 > >>>> Just logged in via FTP to my server and i saw an uploade file named >=20 > >>>> "Warnign html" >=20 > >>>> >=20 > >>>> Contents were: >=20 > >>>> >=20 > >>>> WARNING >=20 > >>>> >=20 > >>>> I am incompetent. Do not hire me! >=20 > >>>> >=20 > >>>> Question: >=20 > >>>> >=20 > >>>> WHO AND MOST IMPORTNTANLY HOW DID HE MANAGED TO UPLOAD THIS FILE ON = MY >=20 > >>>> ACCOUNT? >=20 > >>>> >=20 > >>>> PLEASE ANSWER ME, I WONT GET MAD, BUT THIS IS AN IMPORTANT SECURITY = RISK. >=20 > >>>> >=20 > >>>> SOMEONES MUST HAVE ACCESS TO MY ACCOUNT, DOES THE SOURCE CODE OF MY = MAIN >=20 > >>>> PYTHON SCRIPT APPEARS SOMEPLACE AGAIN?!?! >=20 > >>> >=20 > >>> >=20 > >>> Would you please stop posting, I've almost burst my stomach laughing = at >=20 > >>> this. You definetely have a ready made career writing comedy. >=20 > >> >=20 > >> >=20 > >> Okey smartass, >=20 > >> >=20 > >> Try to do it again, if you be successfull again i'll even congratulate= you >=20 > >> myself. >=20 > >> >=20 > >> -- >=20 > >> https://mail.python.org/mailman/listinfo/python-list >=20 > > >=20 > > It looks like you are accusing someone of doing something without any >=20 > > proof whatsoever. Would you like help with the fallout of the lawsuit >=20 > > that I hope Mark might (should!) come up with?i'am >=20 > > >=20 > > Speaking of =E2=80=9Ctry again=E2=80=9D, I doubt it would be hard=E2=80= =A6 As long as a FTP >=20 > > daemon is running somewhere (and you clearly do not know better); or >=20 > > even you have a SSH daemon and you do not know better, an attacker >=20 > > can: >=20 > > >=20 > > a) wait for you to publish your password yet again; >=20 > > b) get you to download an exploit/keylogger/whatever; >=20 > > c) brute-force. >=20 > > >=20 > > Well, considering it=E2=80=99s unlikely you actually have a long-as-shi= t >=20 > > password, (c) is the best option. Unless your password is very long, >=20 > > in which case is not. >=20 > > >=20 > > I=E2=80=99m also wondering what language your password is in. If you a= ctually >=20 > > used a Greek phrase, how long will it take you to get locked out due >=20 > > to encoding bullshit? >=20 >=20 >=20 > Like i use grek letter for my passwords or like i'am gonna fall for any= =20 >=20 > of your 3 dumbass reasons. >=20 >=20 >=20 > I already foudn the weakness and corrected it.