michael@offroadgeek.com wrote:
OK... both you Michael and Xavier are freakishly paranoid and apparently have too much time on your hands today.
I have a flu thingy, thank you.
And without a back end view, it's not easy or safe to assume that little has gone wrong. Moreover in the past worse has happened and nothing got done about it for a long time.
The hack that was used was a simple way to change the index.php file. The hackers did not actually break into the server and no security is compromised.
Do you have immutable logs to verify that?
Though it really wouldn't surprise me if they limited themselves to that. The ability to swap in PHP code offers quite a lot of latitude to crackers. (The user end looks like a straight text file; that does not have to be true though, nor would it have to stay false for more than one page view.)
I obviously have full access to the servers balug is hosted on, and I have no intention of adding anyone else. If you guys want full access to the servers then I would recommend the site and mailing list be moved and hosted elsewhere...
I'm in the process of advocating that, as always. :-)