Invisible eyes are watching you?
Today a user came to me saying that his site had been hacked and a malicious script had been injected into it. I suggested that he change the site password, delete the site files and re-upload them, and clean the virus on his local machine. The user asked me: the password is randomly generated and as complex as it can be, so the server must have been compromised.
So I checked the logs on the server and found that an IP address had logged in with the username and password of the site's FTP account, downloaded the site files, and then uploaded a version containing a malicious script. I wrote back to the user, and he no longer insisted that the server had been compromised.
However, I was curious about how the account credentials had been stolen, so I checked a few servers to see whether there were similar cases. The result: damn, three sites had been hit. The proportion hit was small, which indicates that the server itself was not compromised. But that was not the main point; the point was that one of those three sites was mine!
Well, I am very security-conscious, and I was sure I could not have made such a mistake. After checking again and again, I finally accepted the fact that the hackers had not got it wrong: my site really had been hit. Fortunately, my site is basically on the verge of death, with hardly any visitors and nothing important on it.
But in the end, how did the password leak? If the server had been compromised, there would be no reason to hit only these three small fish. The password could not have been brute-forced: it was randomly generated and its strength meets the standards for passwords. Could my computer have been infected and the passwords stored in the FTP client stolen? But the FTP client has N sites saved in it, and there is no reason the attacker would have let the others go.
Then there is another possibility: my FTP traffic was sniffed in transit and someone recorded the credentials. I went to look, and indeed I had been using FTP with a plaintext password. I normally use the encrypted mode, but as everyone knows the internal network is sometimes unstable, and I cannot remember how many times the encrypted FTP login failed and I switched to plaintext. I checked both of my clients, and sure enough they were also using plaintext passwords.
Well, now I realized what had happened. I once worked for some time at an internet security company developing an IDS (Intrusion Detection System), so I am still quite familiar with this. Simply put, when we visit a site on the network, the data flows through many network nodes, just as a train from Guangdong to Heilongjiang passes through many stations. These nodes can monitor the data streams: based on the characteristics of the packet headers, the traffic can be classified by protocol and then each protocol can be parsed. If the data is transferred in plaintext, all of the plaintext information can be read.
For a while I was very interested in looking at all the data flowing through the company: who sent what to whom, which account passwords were in it, and who was using it to download things. But I am not in the habit of doing bad things, and in companies that do network security everyone pokes at everyone else; it is all for fun.
That is not the same as colleagues playing with each other inside the company. Someone sniffing at a network node, taking my username and password and using them to do bad things is pretty nasty behaviour.
Was there no way to avoid this situation? Looking at my records, back in 2010, eight years ago, I had already forced all clients to use FTPES (FTP over explicit TLS) to log in and upload data! Nevertheless, the security measure I actively promoted met great resistance. Many clients refused to use FTPES on the grounds that their own FTP client did not support encryption, and demanded that I open the plaintext way! The end result: I compromised, and the two ways coexisted.
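The point of the two paragraphs above is that a plaintext FTP login is readable by any node on the path, while a login preceded by an accepted AUTH TLS is not. As an added example (not the blog author's code, and not tied to any particular FTP server), the script below reads a server-side FTP control-channel log in a constructed format, "<dir> <client_ip> <text>" with dir being C> or S>, and reports every session that sent PASS before TLS was negotiated, together with anything that session uploaded. It also handles the fallback case from the incident: a client that offers AUTH TLS, gets a 500 reply, and logs in in plaintext anyway.

```python
"""Spot plaintext FTP logins (and what they uploaded) in a control-channel log.

Example added here, not the blog author's code.  The log format is
constructed for this example: one line per control-channel message,
"<dir> <client_ip> <text>", where dir is C> (client -> server) or
S> (server -> client), as a server-side protocol log would record it.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: one FTPES session, one plain FTP session that uploads
# a script, and one session whose AUTH TLS is refused so the client falls
# back to plaintext.  IPs are documentation ranges, credentials are fake.
SAMPLE_LOG = """\
C> 203.0.113.7 AUTH TLS
S> 203.0.113.7 234 Proceed with negotiation.
C> 203.0.113.7 USER alice
S> 203.0.113.7 331 Please specify the password.
C> 203.0.113.7 PASS correct-horse
S> 203.0.113.7 230 Login successful.
C> 203.0.113.7 RETR index.php
C> 198.51.100.9 USER webadmin
S> 198.51.100.9 331 Please specify the password.
C> 198.51.100.9 PASS hunter2
S> 198.51.100.9 230 Login successful.
C> 198.51.100.9 RETR index.php
C> 198.51.100.9 STOR index.php
C> 192.0.2.44 AUTH TLS
S> 192.0.2.44 500 Unknown command.
C> 192.0.2.44 USER bob
C> 192.0.2.44 PASS tr0ub4dor
S> 192.0.2.44 230 Login successful.
"""


@dataclass
class Session:
    client: str
    tls: bool = False                 # AUTH TLS accepted (234) before login
    user: Optional[str] = None
    cleartext_pass: bool = False      # PASS sent before TLS was negotiated
    uploads: List[str] = field(default_factory=list)


def parse_sessions(log: str) -> Dict[str, Session]:
    """Group control-channel lines by client and track TLS state per session."""
    sessions: Dict[str, Session] = {}
    awaiting_auth_reply = set()       # clients whose AUTH TLS is unanswered
    for line in log.splitlines():
        direction, client, text = line.split(" ", 2)
        s = sessions.setdefault(client, Session(client))
        if direction == "C>":
            cmd, _, arg = text.partition(" ")
            cmd = cmd.upper()
            if cmd == "AUTH" and arg.strip().upper() in ("TLS", "SSL"):
                awaiting_auth_reply.add(client)
            elif cmd == "USER":
                s.user = arg.strip()
            elif cmd == "PASS":
                # The password itself is never stored; only the fact that
                # it crossed the wire without TLS matters for the report.
                if not s.tls:
                    s.cleartext_pass = True
            elif cmd in ("STOR", "STOU", "APPE"):
                s.uploads.append(arg.strip())
        elif direction == "S>" and client in awaiting_auth_reply:
            # Only a 234 reply means the control channel is now encrypted;
            # a 500/502 reply means the client fell back to plaintext.
            awaiting_auth_reply.discard(client)
            if text.startswith("234"):
                s.tls = True
    return sessions


def cleartext_logins(log: str) -> List[Tuple[str, Optional[str], List[str]]]:
    """(client_ip, username, uploaded files) for every plaintext login."""
    return [(s.client, s.user, s.uploads)
            for s in parse_sessions(log).values() if s.cleartext_pass]


if __name__ == "__main__":
    for client, user, uploads in cleartext_logins(SAMPLE_LOG):
        print(f"{client}: user {user!r} logged in in cleartext; uploads: {uploads}")
```

Run against the sample, the report names the two plaintext sessions, and the one that uploaded index.php is exactly the pattern from the incident log. Turning the same check into policy is a matter of refusing USER/PASS on an unencrypted control channel at the server, which is what forcing FTPES amounts to.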
Then, eight years later, I tasted the bitter fruit of a moment's negligence. After this incident I realized how naive it was to think that the nodes of the public network are not evil. Perhaps the nodes themselves do nothing wrong, but the nodes are managed by people, and people have all kinds of reasons to do bad things. And of course a node itself can be compromised and have malware implanted in it, can't it?
Never mind whether the Earth is so dangerous that we should go back to Mars; the web is certainly dangerous enough. Keep it in mind: from now on transfer data encrypted, never in plaintext.
After all, countless pairs of invisible eyes are watching you.