Tilted Forum Project Discussion Community - View Single Post

nezmot · 05-02-2006, 11:00 AM

This happened to me a couple of years ago - I had noticed a sudden *massive* increase in hits, all from a website that didn't seem to link to mine - I figured it was some kid trying to boost his site-status by doing lots of referral spamming and so didn't give it much thought. Then, months and months later, I tried to get onto my site and it was down - I called the provider who accused me of phishing and said that due to misuse, they'd taken my site down at the request of the police and their various policies.

I don't know what happened, but I guess that the massive load of hits was some automated crack attempt, trying to break into the portion of my site that ran scripts, once a password with rights was found, they loaded up a fake banking site, and then had a bunch of spam sent out, asking people to fill in their credit card details - you know, the usual scheme.

Anyway, the moral of the story is, I guess, if you have access, or are responsible for a site that is open to the internet, make sure that any usernames and passwords are strongly secure - mixes of letters, numbers and 'other' characters. It took about 3-4 months for them to break my password on my site - but it was a simple one - with properly secure password, it could take years and years.

05-02-2006, 11:00 AM	#6 (permalink)
nezmot Registered User	This happened to me a couple of years ago - I had noticed a sudden massive increase in hits, all from a website that didn't seem to link to mine - I figured it was some kid trying to boost his site-status by doing lots of referral spamming and so didn't give it much thought. Then, months and months later, I tried to get onto my site and it was down - I called the provider who accused me of phishing and said that due to misuse, they'd taken my site down at the request of the police and their various policies. I don't know what happened, but I guess that the massive load of hits was some automated crack attempt, trying to break into the portion of my site that ran scripts, once a password with rights was found, they loaded up a fake banking site, and then had a bunch of spam sent out, asking people to fill in their credit card details - you know, the usual scheme. Anyway, the moral of the story is, I guess, if you have access, or are responsible for a site that is open to the internet, make sure that any usernames and passwords are strongly secure - mixes of letters, numbers and 'other' characters. It took about 3-4 months for them to break my password on my site - but it was a simple one - with properly secure password, it could take years and years.