Austin Rocky Horror Picture Show Cast

Queerios!

Eat them before they eat you!



 Post subject: Forum Downtime
Posted: Thu Dec 16, 2004 2:26 pm
Administrator

Joined: Mon Jun 09, 2003 1:48 am
Posts: 3083
Location: Austin, TX, USA
As you probably noticed, the forums were down for a while. The reason for this was that the webserver this web site resides on was hacked into and had a rootkit installed onto it twice in the last week. We were unable to determine the origin of it the first time, but after the second time had it narrowed down to almost certainly being a security hole in the phpBB forums that are used here and on one other site on the same server. Here's the security hole:

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513

And conveniently enough, here's a fairly simple Perl script that lets you take advantage of it:

http://www.k-otik.com/exploits/20041122.r57phpbb2010.pl.php

Even more conveniently, doing a Google search for the phrase "powered by phpBB 2.0.10" will produce a list of hundreds of sites that you can use this on. Whee! At any rate, after each break-in we had to completely reinstall the operating system (Linux) and set up all the web sites over again after transferring the data backups from elsewhere. That took... a bit of time last week. Once things were going again and I was fairly sure I knew what was being taken advantage of to break into the server, I left it running for a bit without the forums just to make sure I was correct that it wouldn't be immediately broken into again. I've installed some security patches and changed some PHP settings to hopefully avoid this sort of thing happening ever again, even when there is a security hole like that in PHP software running on the server. Carry on... :)

_________________
Shawn McHorse
RockyMusic.org / AustinRocky.org

