'Sleeper'
Do you have problems, concerns, or recommendations about the technical side of the Phoenix? Air them here. Compliments also welcome.
Good god, Tom. Thanks for catching that.
I am curious about how they got in, too. Our admin password is decently strong--do you think it should be changed?
A cursory google doesn't show me any scriptkiddy sites with that application name or anything, but I don't know all the l33t places to go.
eta: and do you think it's something we should report to iStrata in case that's how they got in, or other customers are compromised?
Wow! Thanks for catching that, Tom.
Looks like they got in through plesk.
Is there a security loophole or exploit that they used? Is our password compromised? Was it our plesk install, or one at a higher level (like iStrata admin, or something?)
And, in fact, I see you, ita, logging into Plesk on Thursday, the 23rd, and then the hacker is able to log in on Friday, the 24th with no failed login attempts. I'm worried that there might be a keylogger on one of your systems, ita.
Edit: Or there could be a security hole in Plesk, and the fact that you logged in the day before was just a coincidence. I'm still looking.
23rd of Feb? Can you email me the IP address that was from? I'm trying to think why I would have logged in. That seems too recent for the vote, and that was the last time I went in, to change the email address for the vote.
Insent.
Thanks. V. confusing. Obviously I can't keep track of when I go in, but keylogged on my Mac? Say it ain't so, Joe. Say it ain't so.
Seems unlikely to me, too, but how else could they have grabbed the password? Plesk uses SSL.