Hi all, one of my friends just had his FC2 based simple mailserver (with no 3rd party software and only smtp/pop/imap services running) hacked. He told me that he noticed something strange seeing an unknown ip address in the "Last login from" when logged in as root. Then he changed the root password and waited: the same ip showed up in the secure log as a failed login attempt but after only 5 seconds the logs said ssh root login was successful. My friend admitted he never patched the server with updates, and I know allowing root ssh login is not recommended, but still I am a little surprised. Which are the most important vulnerabilities than can lead to a root remote login on a plain FC2 box? Thanks in advance, Luciano
