...
What we periodically look for:
- Open systems with empty or weak administrator-level passwords, including Windows, SSH, and various database types.
- Public web sites and web applications that allow anonymous (i.e. no login required) access to pages with SQL Injection or Cross-Site Scripting vulnerabilities.
What you may notice:
- Your log files (hopefully you are keeping audit logging turned on) may show attempts to log in from strange addresses or multiple failures in a row that you don't expect. Web access logs may show many requests from the same IP address, including requests for strange URLs.
- If you allow anonymous updates to your websites (i.e. no login required), junk data or what looks like spam may be inserted into your application's database or email forms.
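To check your own logs for the two patterns described above (repeated login failures from one address, and one address making many web requests with unusual URLs), the following sketch may help. It is an added example, not part of the original notice. It assumes OpenSSH-style password log lines and Common Log Format web logs; the function names, thresholds, "unusual URL" pattern and sample lines are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Assumed formats: OpenSSH password outcome lines and Common Log Format.
SSH_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?\S+ from (\S+)")
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3}')
ODD_URL = re.compile(r"['\"<>]|union\s+select", re.I)  # heuristic, tune for your site

def failure_streaks(auth_lines, threshold=3):
    """Return {ip: longest run of failed logins with no success in between}."""
    current, longest = defaultdict(int), defaultdict(int)
    for line in auth_lines:
        m = SSH_RE.search(line)
        if m:
            outcome, ip = m.groups()
            current[ip] = current[ip] + 1 if outcome == "Failed" else 0
            longest[ip] = max(longest[ip], current[ip])
    return {ip: n for ip, n in longest.items() if n >= threshold}

def noisy_web_clients(access_lines, min_requests=3):
    """Return {ip: (total requests, unusual-URL requests)} for busy clients."""
    total, odd = Counter(), Counter()
    for line in access_lines:
        m = CLF_RE.match(line)
        if m:
            ip, url = m.groups()
            total[ip] += 1
            odd[ip] += bool(ODD_URL.search(unquote_plus(url)))  # decode %xx first
    return {ip: (n, odd[ip]) for ip, n in total.items() if n >= min_requests and odd[ip]}

# Constructed sample lines using documentation-range addresses, not real log data.
AUTH_LOG = [
    "Jan 10 03:14:01 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2",
    "Jan 10 03:14:03 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2",
    "Jan 10 03:14:05 web1 sshd[813]: Accepted password for alice from 198.51.100.7 port 51514 ssh2",
    "Jan 10 03:14:06 web1 sshd[815]: Failed password for root from 203.0.113.5 port 40120 ssh2",
    "Jan 10 03:14:09 web1 sshd[817]: Failed password for alice from 198.51.100.7 port 51520 ssh2",
]
ACCESS_LOG = [
    '203.0.113.5 - - [10/Jan/2024:03:15:00 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Jan/2024:03:15:00 +0000] "GET /item.php?id=1%27 HTTP/1.1" 500 0',
    '203.0.113.5 - - [10/Jan/2024:03:15:01 +0000] "GET /search?q=%3Cb%3Ex HTTP/1.1" 200 734',
    '198.51.100.7 - - [10/Jan/2024:03:15:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    print(failure_streaks(AUTH_LOG))
    print(noisy_web_clients(ACCESS_LOG))
```

A single failed login after a success, as with the second address in the sample, stays below the threshold and is not reported.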
...