[Lincs] lug.org.uk has been compromised!

J jt at imen.org.uk
Mon Nov 22 13:21:01 GMT 2004


> Hello folks,
>
> Ewan Mac Mahon (York LUG) found an installed backdoor (with Apache ID)
> on lug.org.uk just an hour ago. 4 minutes after he sent his message I
> logged into the server and watched someone trying to execute "rm -rf
> /home" with Apache ID.
>
> The backdoor process is called "th1s iz mY 3l1t3 baCkd00r"...
>
> I don't know what's going to happen now, but I expect the server to be
> offline soon.
>
> The administrators have been informed.
>
> Marc


This just compounds two previous points. The first being an age-old 
argument over the security of Linux and the second being should we be 
hosting with large providers.

And the second that we should consider hosting things away from 
centralised services, not only as we have the equipment and skill base 
amongst us, and that we can tailor our services to suit our own wants, 
but the more dependees upon a centralised service makes that service a 
larger target for hackers, both of a semi-skilled and unskilled dos style.

My personal belief of a service provider is that you should be on a 
personal level with the people who have root over you - you shouldn't 
just be able to say "the admins have been informed" you should be able 
to turn around to your dependees and say "I've talked to splat this 
morning and they say they've got a {person of non-specific gender} on it 
and it's all going to be ok". Maybe I'm just old fashioned though.


