[Lincs] lug.org.uk has been compromised!
J
jt at imen.org.uk
Mon Nov 22 13:21:01 GMT 2004
> Hello folks,
>
> Ewan Mac Mahon (York LUG) found an installed backdoor (with Apache ID)
> on lug.org.uk just an hour ago. 4 minutes after he sent his message I
> logged into the server and watched someone trying do execute "rm -rf
> /home" with Apache ID.
>
> The backdoor process is called "th1s iz mY 3l1t3 baCkd00r"...
>
> I don't know what's going to happen now, but I expect the server to be
> offline soon.
>
> The administrators have been informed.
>
> Marc
This just compounds two previous points. The first being an age old
argument over the security of Linux and the second being should we be
hosting with large providers.
And the second that we should consider hosting things away from
centralised services, not only as we have the equipment and skill base
amongst us, and that we can tailor our services to suit our own wants,
but the more dependees upon a centralised service makes that service a
larger target for hackers, both of a semi-skilled and unskilled dos style.
My personal belief of a service providor is that you should be on a
personal level with the people who have root over you - you shouldn't
just be able to say "the admins have been informed" you should be able
to turn around to your dependees and say "I've talked to splat this
morning and they say they've got a {person of non specific gender} on it
and its all going to be ok". Maybe I'm just old fashioned though.
More information about the Lincs
mailing list