BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[blu] Re: My website was hacked! (fwd)

Subject: [blu] Re: My website was hacked! (fwd)
From: bbj at innismir.net (bbj at innismir.net)
Date: Wed, 24 Nov 2004 23:56:09 -0500
In-reply-to: <Pine.LNX.4.58.0411242338090.29131@uni.thekramers.net>
References: <Pine.LNX.4.58.0411242200490.29131@uni.thekramers.net> <41A55A49.1090207@seremeth.com> <Pine.LNX.4.58.0411242338090.29131@uni.thekramers.net>

On November 24, 11:48 pm David Kramer <david at thekramers.net> wrote:

> I think I found it.  I'm running TWiki, and at that time there were
> some really nasty things happening in access_log and error_log.

Yup.
http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch

I think this was posted on FD yesterday.

> I will also note that the "bandits.webm.ru" website contains one
> phrase, in Russian: "Soon it will begin..."

Typical Script Kiddie Rhetoric.

> I'm going to disable TWiki for now.

Very Good Idea. My personal opinion is that once you've been owned by an
actual human at the keyboard, your only safe way out is to blow away the
box and start from scratch. Anyhting you keep from the last install should
be inspected by hand.

Follow-Ups:
- [blu] Re: My website was hacked! (fwd)
  - From: david at thekramers.net (David Kramer)

References:
- My website was hacked! (fwd)
  - From: david at thekramers.net (David Kramer)
- My website was hacked! (fwd)
  - From: blu_discuss at seremeth.com (Steve Seremeth)
- My website was hacked! (fwd)
  - From: david at thekramers.net (David Kramer)

Prev by Date: My website was hacked! (fwd)
Next by Date: Professional Insurance
Previous by thread: My website was hacked! (fwd)
Next by thread: [blu] Re: My website was hacked! (fwd)
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org