[Lincs] lug.org.uk has been compromised!
Marc McGuinness
marc at mcguinness.de
Mon Nov 22 22:52:14 GMT 2004
Hello,
I've got my own server rack with about 80Gbyte hard disk online. I could
host it as well.
The main reason why I think we should leave the web page where it is, is
the independency of the provider. lug.org.uk is independent and we will
still want to use some of their services in future anyway, because
that's the first place where people will search for Lincolnshire LUG.
Is it possible to migrate and extract the user database for the mailing
list? I'm not sure about this, because we don't have full permissions...
You won't be able to prevent this kind of exploit on any other server,
because it has to do with secure php programming. If you host different
domains and web pages there will always be a security hole caused by a
user somewhere.
Actually it didn't take the server administrators long to react and
identify the vulnerability. I'm quite pleased with the way they keep us
up to date and work on the forensic analysis. I doubt it could be any
better.
I'd like to hear some more opinions!
Marc
More information about the Lincs
mailing list