[Balug-admin] Re: BALUG site cracked!: "H4ck3rsBr um passrinho que naum tinha cu foi caga e explodiu"

michael@offroadgeek.com
Sat Sep 3 14:48:15 PDT 2005


OK... both you Michael and Xavier are freakishly paranoid and apparently
have too much time on your hands today.

The hack that was used was a simple way to change the index.php file.  The
hackers did not actually break into the server and no security is
compromised.

This is due to a simple postnuke security hole, and I am going to patch it
as soon as I finish this email.

The site is already back to normal (just switched the php file with a
backup).

I obviously have full access to the servers balug is hosted on, and I have
no intention of adding anyone else.  If you guys want full access to the
servers then I would recommend the site and mailing list be moved and
hosted elsewhere...



On Sat, September 3, 2005 11:43 am, Michael Paoli said:
> I did also drop dreamhost a pair of notes.  Since I don't have "customer"
> level access, it just went in on their general form, and they seem to only
> "promise"/imply they'll read it within 24 hours ... and I don't know if that
> would be even that "timely" and applicable over a 3 day holiday weekend.
>
> Anyway, this is what I sent to their "Abuse Department" and "Public
> Relations":
>
> Subject: cracked site - please pull
>
> Can you please effectively pull (at least block port
> 80) until the person(s) legitimately responsible for
> the site can repair it.
>
> It is quite apparently cracked:
> http://www.balug.org/
>
> Thanks.
>
>
> Quoting Michael Paoli:
>
>> Michael Hubbard <michael@offroadgeek.com> - can you do anything about
>> this?
>>
>> Thanks.
>>
>> Quoting Michael Paoli:
>>
>> > Can you try contacting dreamhost, and have them at least temporarily
>> > (virtually) pull the plug on at balug.org. TCP port 80 (pointing out to
>> > them that it's apparently quite obviously cracked, if necessary), at
>> > least until it can get fixed.  Have you also tried contacting Hubbard?
>> >
>> > Better (temporarily) no page than a cracked one (and presumably site, etc.)
>> >
>> > *So far* Google cache has the uncracked page ... but that could change at
>> > any time.
>> >
>> > It *seems* the lists are okay, ... but never know for sure (or who might be
>> > watching their messages/content).  Of course most of the info. that's sent
>> > there is public or semi-public anyway.
>> >
>> > Quoting Xavier <balug-talk@xav.to>:
>> >
>> > > Michael Paoli wrote:
>> > > > This doesn't look good:
>> > > > http://www.balug.org/
>> > > > "H4ck3rsBr um passrinho que naum tinha cu foi caga e explodiu"
>> > > >
>> > > > Who's got the access to get in and clean stuff up ASAP?
>> > > >
>> > > > Also, time to change all the site passwords (at least all the content
>> > > > change access passwords), and to also ensure they only go across secure
>> > > > communications channels, etc.
>> > >
>> > > Postnuke is once again nuked, only person I know with a reasonable level
>> > > of access is Hubbard. At this point my admin pass on Postnuked is worth
>> > > about the same as if I had scribbled "$1000" onto a sheet of toilet paper.
>> > >
>> > > If the lists are down then this is a fine mess.
>




