PW Compromised?


#1

Checking my dysfunctional server logs this afternoon to see if they had been rotated yet (because they are not rotating again, and no response from support yet), I noticed someone had logged into my /stats/ directory under my username and gained access.

65.116.251.178 - - [01/Dec/2006:11:28:47 -0800] “GET /stats/ HTTP/1.1” 401 (got login screen)

65.116.251.178 - (my username) [01/Dec/2006:11:29:13 -0800] “GET /stats/ HTTP/1.1” 200 (access granted, page ok)…etc.

Um NOT cool! If this is DH checking to see if my stats updated, I haven’t heard anything. In the meanwhile, afraid that someone had just compromised my password, I went and changed them for both the panel and FTP.

Generally, when I see someone at DH hitting my sites for a support request, it’s obvious. So far as I could tell though, those hits came from the east coast.

I’m not happy about that to say the least. Not. Happy.