[Lincs] lug.org.uk has been compromised!

Marc McGuinness marc at mcguinness.de
Mon Nov 22 17:42:08 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

Chris Marr wrote the following on 22.11.2004 16:34:
| Greets, I guess I should have intro'd myself earlier, I signed up for the
| mailing list about a month ago.
|
| How do you get a backdoor installed (whatever software it came with)
in the
| first place? I'd have thought that lug admins would 1) get the
software from
| a reputable source (ie, download from apache) to have some level of
| culpability, or 2) download source, check it for issues (ie backdoors) and
| then compile and test it.

Two LUGs seem to have vulnerable phpBBs installed. That's what he
exploited and how he got onto the server. It's not the fault of the
server admins.

| I suppose now the cat's out of the bag, how long before it's put back?

The admins are collecting evidence at the moment. They ask every LUG not
to change their configuration and start installing updates, as the
investigation is still in progress.

Marc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBoiT2xMNwTise71cRAq4aAJwO1IgC2HQsawDQFX7fk7QbZg+U9gCfZ4zQ
IBRl2nhNjt2KucZEWOoDlXE=
=9VLL
-----END PGP SIGNATURE-----



More information about the Lincs mailing list