Quote:
Originally Posted by RazorSharpe
I NEVER got told to about the possibility of someone using the nats admin login to access my nats installation. I do change my ssh/ftp login. This was not a breach by ssh/ftp, this was a breach by someone using the nats login that I was told would be "appreciated to be left". So if you got different info from just about every NATS program then you're a lucky guy ....
|
You ALWAYS have to assume someone could access your admin areas. If people can brute force a paysite what would make anyone think you can't brute force affiliate logins?
I know it didn't happen through ssh/ftp, they tell you to change it and any other passwords they had access to.
Of course NATS now is going to have to crack down and force all clients to lock down the systems, and prob enforce some other changes/rules too. But no matter what, if I give a program my details - it's the programs responsibility to make sure it's safe and secure.