exploit vulnerability

No explicit questions like "how do I hack xxx.com" please!

Post by sloshed »

hey,
my friend has placed his admin folder like this www.somesite.com/admin so as to have easy access to it when he needs it...this obviously makes any Tom, Dick and Harry have access to the id/password pop-up...he seems to think that no one will bother to do a dict/brute crack on it....should he be worried....is there any easy way by which someone can hijack his site


Post by bad_brain »

Hm, hard to say, depends on which server- and administration-app-version is installed, correct CHMOD settings, etc... the path isn't that important.
Webmin for example has an option to add a continuously expanding delay between each failed login attempt ("Enable password timeouts"), so an attacker who tries to brute force the login would need months...
But it's possible to block someone completely after a defined number of failed login attempts by an Apache module named pw_auth too, available here.
And it's inevitable to choose GOOD passwords and usernames, use the maximum amount of possible digits with numbers, letters in lower and upper case and (if possible) special symbols like $%'#....
Just give us a little more info about the server and we can give you more help, because there are many options like the combination of symmetric/asymmetric password authentication and so on.... :wink:
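
The two defences described in the reply above (an expanding delay between failed logins, and a full block after a set number of failures), sketched as an added example that is not part of the original thread and is not Webmin's or any Apache module's code. The class name, function names and default values are assumptions chosen for illustration.

```python
import time


class LoginThrottle:
    """Doubling delay per failed login, hard block after `block_after` failures."""

    def __init__(self, base_delay=1.0, max_delay=3600.0, block_after=10,
                 clock=time.monotonic):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.block_after = block_after
        self.clock = clock            # injectable so the logic can be tested
        self._state = {}              # client -> (failures, earliest next try)

    def check(self, client):
        """Call before verifying a password: 'ok', 'wait' or 'blocked'."""
        failures, not_before = self._state.get(client, (0, 0.0))
        if failures >= self.block_after:
            return "blocked"          # stays blocked until reset() is called
        if self.clock() < not_before:
            return "wait"             # reject without even checking the password
        return "ok"

    def record_failure(self, client):
        """Register a wrong password; returns the delay now imposed (seconds)."""
        failures = self._state.get(client, (0, 0.0))[0] + 1
        # Exponent is capped so repeated calls can never overflow the float.
        delay = min(self.base_delay * 2 ** min(failures - 1, 30), self.max_delay)
        self._state[client] = (failures, self.clock() + delay)
        return delay

    def reset(self, client):
        """Call on successful login or on an administrator's unblock."""
        self._state.pop(client, None)


def enforced_wait(guesses, base_delay=1.0, max_delay=3600.0):
    """Total seconds of delay imposed on `guesses` consecutive failures."""
    total, delay = 0.0, base_delay
    for _ in range(guesses):
        total += delay
        delay = min(delay * 2, max_delay)
    return total


if __name__ == "__main__":
    # Constructed figure: a 1000-word dictionary run against one account.
    print(f"{enforced_wait(1000) / 86400:.1f} days of enforced waiting")
```

What `client` is keyed on matters: keying on the account name alone lets anyone lock the real administrator out, so a combination of account and source address is the usual compromise.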
