- Joined
- Jul 20, 2006
While going through his bash history one of my programmers noticed that we had been hit with an SMTP brute force attack.
I've changed every password on the system.
But basically they used the www-data password www-data to get into our system... which is really just WONDERFUL...
I'd like some advice on how I could rig it so that only my live server can access the code server. And also I'm curious as to how this happened in the first place.
We only just opened one port for ssh access from the live server to the code server (in order to update the site using git.)
Any advice would be appreciated.
I've changed every password on the system.
But basically they used the www-data password www-data to get into our system... which is really just WONDERFUL...
I'd like some advice on how I could rig it so that only my live server can access the code server. And also I'm curious as to how this happened in the first place.
We only just opened one port for ssh access from the live server to the code server (in order to update the site using git.)
Any advice would be appreciated.