Announcements / Hacked! (Or "Why I Hate People")
« on: September 11, 2005, 12:47:47 am »
As I'm sure you noticed, Xepher.net was down for the first half of Saturday. Someone hacked into the server and replaced every single file with a name starting with "index" with redirects to a hacked forum in Germany. I believe I found and fixed the bug they exploited to gain access (a very obscure heap overflow in the Perl-compatible regular expression library) but I'm not 100% positive that was how they did it. As such, I'm still a bit jumpy about bringing things back online. As such, PLEASE report anything suspicious to me as soon as you see it.
Now, the damage. As I said, they replaced all those files with redirects, completely destroying whatever info used to be in the file. I wrote a script that went and found all such files, then replaced them from the system backup. Problem is, the system backup is a couple months old, and therefore many websites are gonna be rather anachronistic. If you have local copies of your files, go and replace anything named "index" that might have been changed in the past couple months.
Also, I'm gonna be adding more layers of security to the system. I'll post notes on that as I go, but some of it will be stuff you need to know about. Most notably, I'm going to install a system that watches for failed logins (bad passwords) and will completely ban an IP address if you get too many failures in a row. As such, if you forget/lose a password, do NOT just keep guessing, or you'll get completely blocked for at least an hour.
If anybody has some suggestions for security measures I could add, suggest them here.
Grrr... this whole thing makes me so angry. Today was a beautiful fall day, but instead of getting out and going fishing, I ended up spending the entire day digging through files and code. Completely ruined my Saturday just because some hackers got bored and wanted to show off.
I hate people.
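Added example, not part of the original post and not the system installed on Xepher.net: a sketch of the failed-login ban described above, where only failures "in a row" count and a ban lasts one hour. The sshd-style log format, the threshold of 3 and the name `find_bans` are assumptions; the post only says "too many".

```python
import re
from datetime import datetime, timedelta

MAX_FAILURES = 3               # assumption: the post only says "too many"
BAN_TIME = timedelta(hours=1)  # from the post: blocked for at least an hour

# Constructed sample in sshd syslog style; addresses are documentation ranges.
SAMPLE_LOG = """\
Sep 11 01:00:01 web sshd[101]: Failed password for alice from 192.0.2.10 port 4000 ssh2
Sep 11 01:00:05 web sshd[101]: Failed password for alice from 192.0.2.10 port 4000 ssh2
Sep 11 01:00:09 web sshd[101]: Accepted password for alice from 192.0.2.10 port 4000 ssh2
Sep 11 01:05:00 web sshd[102]: Failed password for alice from 192.0.2.10 port 4001 ssh2
Sep 11 01:05:04 web sshd[102]: Failed password for alice from 192.0.2.10 port 4001 ssh2
Sep 11 01:10:01 web sshd[103]: Failed password for invalid user admin from 198.51.100.7 port 5000 ssh2
Sep 11 01:10:02 web sshd[103]: Failed password for root from 198.51.100.7 port 5000 ssh2
Sep 11 01:10:03 web sshd[103]: Failed password for invalid user test from 198.51.100.7 port 5000 ssh2
Sep 11 01:10:04 web sshd[103]: Failed password for root from 198.51.100.7 port 5000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+")

def find_bans(log_text, year=2005):
    """Return {ip: (ban_start, ban_end)} for IPs with MAX_FAILURES failures in a row."""
    streak = {}  # ip -> length of the current run of consecutive failures
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ip in bans and ts < bans[ip][1]:
            continue  # still banned: a firewall rule would drop this attempt
        if m["result"] == "Accepted":
            streak[ip] = 0  # a good login breaks the run of failures
            continue
        streak[ip] = streak.get(ip, 0) + 1
        if streak[ip] >= MAX_FAILURES:
            bans[ip] = (ts, ts + BAN_TIME)
            streak[ip] = 0  # start counting afresh once the ban expires
    return bans
```

In the sample, 192.0.2.10 fails four times in total but never three in a row, so it is not banned; 198.51.100.7 is banned on its third consecutive failure.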