[Balug-admin] Re: BALUG site cracked!: "H4ck3rsBr um passrinho que naum tinha cu foi caga e explodiu"

Xavier balug-talk@xav.to
Sat Sep 3 16:03:59 PDT 2005


michael@offroadgeek.com wrote:
> OK... both you Michael and Xavier are freakishly paranoid and apparently
> have too much time on your hands today.

I have a flu thingy, thank you.

And without a back end view, it's not easy or safe to assume that little 
has gone wrong. Moreover, in the past worse has happened and nothing got 
done about it for a long time.

> The hack that was used was a simple way to change the index.php file.  The
> hackers did not actually break into the server and no security is
> compromised.

Do you have immutable logs to verify that?

Though it really wouldn't surprise me if they limited themselves to 
that. The ability to swap in PHP code offers quite a lot of latitude to 
crackers. (The user end looks like a straight text file; that does not 
have to be true though, nor would it have to stay false for more than 
one page view.)

> I obviously have full access to the servers balug is hosted on, and I have
> no intention of adding anyone else.  If you guys want full access to the
> servers then I would recommend the site and mailing list be moved and
> hosted elsewhere...

I'm in the process of advocating that, as always. :-)


