[Balug-admin] Re: BALUG site cracked!: "H4ck3rsBr um passrinho que naum tinha cu foi caga e explodiu"
Xavier
balug-talk@xav.to
Sat Sep 3 16:03:59 PDT 2005
michael@offroadgeek.com wrote:
> OK... both you Michael and Xavier are freakishly paranoid and apparently
> have too much time on your hands today.
I have a flu thingy, thank you.
And without a back end view, its not easy or safe to assume that little
has gone wrong. Moreover in the past worse has happened and nothing got
done about it for a long time.
> The hack that was used was a simple way to change the index.php file. The
> hackers did not actually break into the server and no security is
> compromised.
Do you have immutable logs to verify that?
Though it really wouldn't surprise me if they limited themselves to
that. The ability to swap in PHP code offers quite alot of latitude to
crackers. (the user end looks like a straight text file, that does not
have to be true though, nor would it have to stay false for more than
one page view)
> I obviously have full access to the servers balug is hosted on, and I have
> no intention of adding anyone else. If you guys want full access to the
> servers then I would recommend the site and mailing list be moved and
> hosted elsewhere...
I'm in the process of advocating that, as always. :-)
More information about the BALUG-Admin
mailing list