exploit vulnerability

Posted: 02 Oct 2005, 04:18
by sloshed
hey,
my friend has placed his admin folder like this www.somesite.com/admin so as to have easy access to it when he needs it... this obviously makes any Tom, Dick and Harry have access to the id/password pop-up... he seems to think that no one will bother to do a dict/brute crack on it... should he be worried... is there any easy way by which someone can hijack his site

Posted: 02 Oct 2005, 05:24
by bad_brain
Hm, hard to say, depends on which server- and administration-app-version is installed, correct CHMOD settings, etc... the path isn't that important.
Webmin for example has an option to add a continuously expanding delay between each failed login attempt ("Enable password timeouts"), so an attacker who tries to brute force the login would need months...
But it's possible to block someone completely after a defined number of failed login attempts by an Apache module named pw_auth too, available here.
And it's inevitable to choose GOOD passwords and usernames, use the maximum amount of possible digits with numbers, letters in lower and upper case and (if possible) special symbols like $%'#....
Just give us a little more info about the server and we can give you more help, because there are many options like the combination of symmetric/asymmetric password authentication and so on.... :wink:
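
Added example, not part of the original thread and not Webmin's or the Apache module's own code: a minimal sketch of the two defences described in the reply above, an expanding delay after each failed login plus a complete block after a set number of failures. The doubling schedule, the default values, the per-client-address keying and all names (`LoginThrottle`, `replay`, `enforced_wait`) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class LoginThrottle:
    base_delay: float = 1.0   # seconds of wait after the first failure (assumed value)
    max_failures: int = 10    # complete block after this many failures (assumed value)
    state: dict = field(default_factory=dict)  # client -> (failure count, next allowed time)

    def check(self, client, now):
        """Decide whether an attempt arriving at time `now` may be evaluated at all."""
        count, next_allowed = self.state.get(client, (0, 0.0))
        if count >= self.max_failures:
            return "blocked"
        return "wait" if now < next_allowed else "ok"

    def record_failure(self, client, now):
        """Count a wrong password and return the new delay, doubled on every failure."""
        count = self.state.get(client, (0, 0.0))[0] + 1
        delay = self.base_delay * 2 ** (count - 1)
        self.state[client] = (count, now + delay)
        return delay

    def record_success(self, client):
        """A correct login clears the client's failure history."""
        self.state.pop(client, None)

def replay(throttle, client, times):
    """Replay wrong-password attempts at the given timestamps; return one verdict each."""
    verdicts = []
    for now in times:
        verdict = throttle.check(client, now)
        if verdict == "ok":  # only attempts that pass the throttle reach the password check
            throttle.record_failure(client, now)
            verdict = "failed"
        verdicts.append(verdict)
    return verdicts

def enforced_wait(guesses, base_delay=1.0):
    """Total seconds of delay imposed across `guesses` consecutive failures, no block."""
    return base_delay * (2 ** guesses - 1)

if __name__ == "__main__":
    t = LoginThrottle(base_delay=1.0, max_failures=3)
    # Constructed sample: one client (documentation address) guessing at these seconds.
    print(replay(t, "203.0.113.7", [0, 0.5, 1, 2, 3, 10]))
    print(enforced_wait(20) / 86400, "days of waiting for 20 guesses")
```

A block keyed on the client address can also lock out the real admin behind a shared address, so in practice the block usually expires after a cool-off period.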