by plasma 5225 days ago
It's quite possible that the attacker has been using the support admin login details for much longer against Linode, without being noticed, until now.

What sort of defenses can developers put in place to protect against admin panels?

I've used these sorts of techniques in the past:

1) Separate username/password system compared to the regular website
2) IP whitelist of who may even access the admin panel
3) Failed login attempts send an e-mail alert with a log entry

Any other recommendations or suggestions?
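
An added example, not part of the original comment: one way to combine the IP whitelist (item 2) and the failed-login e-mail alert with a log entry (item 3) in Python. The function names, the documentation-range networks, the example.com addresses and the `password_ok` flag (standing in for the separate admin credential check of item 1) are assumptions made for illustration.

```python
import ipaddress
import logging
from email.message import EmailMessage

# Constructed allowlist using documentation ranges; substitute real office/VPN networks.
ADMIN_ALLOWLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "2001:db8:10::/64")]
log = logging.getLogger("admin.auth")


def ip_allowed(peer_ip, allowlist=ADMIN_ALLOWLIST):
    """True if peer_ip is inside an allowlisted network.

    peer_ip must be the TCP peer address; a client-supplied X-Forwarded-For
    header is only usable when a trusted reverse proxy overwrites it.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparsable address: fail closed
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; unwrap them.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in allowlist)


def build_alert(username, peer_ip, reason):
    """E-mail alert carrying the same details as the log entry (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "admin-panel@example.com", "security@example.com"
    msg["Subject"] = "Admin panel login failure"  # no attacker-controlled text in headers
    msg.set_content(f"user={username!r} ip={peer_ip!r} reason={reason}")
    return msg


def check_admin_login(username, password_ok, peer_ip, send=None):
    """Return (allowed, alert). password_ok is the admin-only credential check's verdict."""
    if not ip_allowed(peer_ip):
        reason = "source address not in allowlist"
    elif not password_ok:
        reason = "bad credentials"
    else:
        return True, None
    # %r escapes control characters, so a crafted username cannot forge log lines.
    log.warning("admin login denied: user=%r ip=%r reason=%s", username, peer_ip, reason)
    alert = build_alert(username, peer_ip, reason)
    if send is not None:
        send(alert)  # e.g. the send_message method of an smtplib.SMTP connection
    return False, alert
```

The allowlist is checked before the credential verdict is consulted, so a valid password from an unlisted address is still denied and still raises an alert.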