Posted by heropage, 02-04-2017, 02:27 PM |
I used http://htpasswdgenerator.net/ to generate an htpasswd entry to protect the admin login.
username:jeff
password:abcdef2000
It generated:
jeff:ti1ZRKaKQODmQ
For some reason, the hacker downloaded the htpasswd file and was able to decrypt the password to abcdef20.
BUT the password abcdef20 still works! My real password is something more complicated, like abcdef2000abc etc.
Not sure why; my site got hacked because of this!
Another htpasswd generator, like
http://www.htaccesstools.com/htpasswd-generator/
The format is different:
jeff:$apr1$dlwyksje$IMUhJlUWVZm0yw1UQJEze/
Looks like it's more secure?!
|
Posted by user54321, 02-04-2017, 02:43 PM |
So you have a dedicated server?
|
Posted by heropage, 02-04-2017, 02:45 PM |
Yes, I have a dedicated server.
|
Posted by luki, 02-04-2017, 03:02 PM |
The old-style DES password hashes from the 70's as you have them in your .htpasswd file are limited to 8 characters. Not a bug, but a legacy limitation: https://en.wikipedia.org/wiki/Data_Encryption_Standard. The htpasswd command defaults to much stronger hashes these days, i.e.:
test:$apr1$uJo/.rHs$/hBTAJyZUV2zH1TzLnBP30
|
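Added example (not part of any post in this thread): a small Python audit that classifies each `.htpasswd` entry by hash format and flags the 13-character DES crypt entries luki describes, with the two entries quoted in the thread as sample input. The function names are this example's own, and the prefix list covers the common formats only.

```python
import re

# Traditional crypt(3) DES: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Self-describing formats: (prefix, scheme, finding or None).
PREFIXES = [
    ("$2y$", "bcrypt", None),
    ("$apr1$", "apr1-md5", None),
    ("$5$", "sha256-crypt", None),
    ("$6$", "sha512-crypt", None),
    ("{SHA}", "sha1", "unsalted SHA-1"),
]

# Sample input: the two entries quoted in the thread.
SAMPLE = "jeff:ti1ZRKaKQODmQ\ntest:$apr1$uJo/.rHs$/hBTAJyZUV2zH1TzLnBP30\n"


def classify(hash_field):
    """Return (scheme, finding) for the hash part of one entry."""
    for prefix, scheme, finding in PREFIXES:
        if hash_field.startswith(prefix):
            return scheme, finding
    if DES_CRYPT.match(hash_field):
        return "des-crypt", "only the first 8 password characters are checked"
    return "unknown", "unrecognised format, possibly plaintext"


def audit_htpasswd(text):
    """Return [(line_no, user, scheme, finding)] for every entry in the file."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep:
            results.append((n, line, "malformed", "no ':' separator"))
            continue
        results.append((n, user) + classify(hash_field))
    return results


def effective_password(password, scheme):
    """Portion of the password that the scheme actually verifies."""
    return password[:8] if scheme == "des-crypt" else password


if __name__ == "__main__":
    for n, user, scheme, finding in audit_htpasswd(SAMPLE):
        print(f"line {n}: {user}: {scheme}: {finding or 'ok'}")
    print(effective_password("abcdef2000", "des-crypt"))
```

Any entry reported as `des-crypt` should be regenerated with a modern scheme, since a longer password gives it no extra protection.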
Posted by bear, 02-04-2017, 03:04 PM |
Or that site is generating rainbow tables to be used against folks that use it.
|
Posted by whmcsguru, 02-04-2017, 10:45 PM |
Yeah, not a bug. Use secure passwords.
|
Posted by heropage, 02-05-2017, 02:09 AM |
Thank you, guys.
I got it now.
But I had paid the price, and I got charged $5000 for the thing I did.
It's a good lesson anyway.
|
Posted by hiabhilash, 02-05-2017, 03:27 AM |
Costly lesson. Must be for the bandwidth?
|