This blog along with 30 other websites hosted on a common server were taken down on 9/11 (11 Sept 2011 and yes I see the significance) by a hacker pretending to be Brazilian. Except that’s misdirection because in Brazil they use Portuguese! The hacker replaced every file containing the string “index with its own twisted message in Spanish and a graphic of a semi-nude woman.
And before you rant about insecure passwords we’d used 12-16 character really secure passwords that met Linux’s rather exacting standards. And tested them on GRC’s Password Haystack site to see how quickly they’d give in to brute force attacks. Nothing that took less that a few hundred centuries met our standards.
I believe, although the company my former company Indax leased the server from denies it, the attacker entered an insecure backdoor on the domain controller. From personal experience I know of a large US-based hosting company who uses a modified WordPress (yes, what powers this blog too) based hosting partner management system. When I used it the user passwords were limit to no more than 6 characters and could only contain capitals, lower-case or numbers!!!
It took me with the help of one other person to get the hosting box back on track. My blog took 2nd place on the update. And when I tred to restore it earlier today found I had a broken theme to deal with. Jeez! The aggro (aka aggravation).