The website of one of my friends has been hacked. He runs his website on a Linux server.
The hacker has managed to overwrite his index.html file only, leaving other files intact. His password consists of 25 characters with alphanumerics and symbols, so it's not possible to crack his password, hypothetically. Even if it were, the hacker would have deleted all his files or could have done more damage to his account.
So, I was wondering if any of you has any idea on:
1) How did the hacker replace the index file without knowing the password?
2) What measures can my friend take so that this does not happen in future?
This sort of attack has been discussed many times before on this forum, so I'll not reiterate possible causes and cures, but would mention that FTP is nowadays a common point of entry via Gumblar variant viruses/trojans - brute forcing isn't a factor.
Looks like the site is using the good ol' FrontPage Server Extension, as I have seen tons of similar defacements from these guys on these types of sites/servers. If this is the case, you people are begging for a deface...
Who's to doom when the judge himself is dragged before the bar
It depends. If you can VPN to the server, then you do not really need a VPN router for that. A VPN router is more useful if you must have a permanent secure connection to a remote server for it to be accessible just like any computer on the LAN, not only through FTP but possibly Xwindows, RPC etc.
Traffic from your computer to the VPN router would still be unencrypted - so anyone in your subnet could potentially eavesdrop. Only the portion between VPN routers (or router and server - that really depends on the type of VPN you are going to use) would be protected.