I have two stories one as a victim and one as a "hacker"
Victim story: I did an installation on a research center a few years ago and the servers where directly connected to the internet. The next day I did see that someone from China had logged in...i did a clean install immediately.

Hacker story: I did help a friend of mine once for a uni project (lamp/ftp server) . While we were setting up our server, we checked the servers of the students that had finished their project and had them online. We obtained the password for the FTP server (it was available for the teacher to check) so ftped to the machine and there was no jail for the FTP.... I searched for joomla config and found the password for the database...

I leave the rest to your imagination...

Add Comment