Wednesday January 07, 2004

Hacked (Again)

This morning, a reader was kind enough to let me know that this website has been hacked.

The web pages at http://raibledesigns.com/tomcat/ with information about Apache, Tomcat and load balancing have been defaced.

I've contacted my sys admin and will hopefully get these files restored in the next few hours. I could do it myself, but I want to 1) see if this is a widespread problem (i.e. not just me) and 2) make sure all my defaced files are replaced. I got hacked a couple of months ago too, and I believe the same files were defaced. If it's another ISP issue, vs. someone logging in as me - it might be time to make the leap.

Posted in General at Jan 07 2004, 06:18:41 AM MST

4 Comments

Comments:

I'm on the same server as you Matt, and we've been hacked too. I found this on my index page:

Ir4dex Owner You !! CreativeMX@forpresident.com Ae ElZE Sua Vagabunda Da Pior Classe Sua Kenga... Prostituta...

Nice :( We believe that it's a server/isp issue and are also considering the leap now too.

Posted by Pat on January 07, 2004 at 09:13 AM MST #

I'm with the same host but on a different box (I believe) - everything seems to be okay with me.

Posted by Simon Brown on January 07, 2004 at 10:07 AM MST #

It looks like there was a kernel backdoor put in right at the kernel source. RedHat announced it Jan 5... the day before the break-in.

Posted by Keith Bjorndahl on January 07, 2004 at 04:02 PM MST #

Keith, I'm not certain if the vulnerability you're talking about was actually created by a deliberate attack on the Linux kernel source-tree itself (to insert a backdoor). The 'mremap' vulnerability, reported a few days ago (http://linuxworld.com/story/38657.htm), is just a bug, already in the kernel memory management code, and doesn't represent a perversion of the source code tree itself by some external malicious hacker. There /was/ an attempt to insert a backdoor into the kernel source code in November (http://kerneltrap.org/node/view/1584) which thankfully was spotted before it got into the source-tree proper. Personally I find this kind of attack a lot more scary than some vulnerability exploit - if you can't trust your own source code, you're buggered.

Posted by Roberto Tyley on January 08, 2004 at 05:21 AM MST #
