Mass defacing of sites

Discussion in 'Site & Server Administration' started by nevetS, Aug 17, 2005.

  1. #1
    all sites on one server I own had their index.htm's defaced on aug 15, about 4:45.

    I did a little research and this happened to at least 400 other servers. Check your sites.
     
    nevetS, Aug 17, 2005 IP
  2. Lever

    Lever Deep Thought

    Messages:
    1,823
    Likes Received:
    94
    Best Answers:
    0
    Trophy Points:
    145
    #2
    What was the nature of the defacing dude?
     
    Lever, Aug 17, 2005 IP
  3. yfs1

    yfs1 User Title Not Found

    Messages:
    13,798
    Likes Received:
    922
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Also were these servers with The Planet?

    I didn't have any issues with any of my sites
     
    yfs1, Aug 17, 2005 IP
  4. City2

    City2 Peon

    Messages:
    542
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    0
    #4
    What exploit?
     
    City2, Aug 17, 2005 IP
  5. nevetS

    nevetS Evolving Dragon

    Messages:
    2,544
    Likes Received:
    211
    Best Answers:
    0
    Trophy Points:
    135
    #5
    not sure of the exploit now, but I did have some sites running old versions of postnuke and I think that was probably the culprit. They overwrote all of the index files. Right now I'm switching between updating files and searching logs for information. I've been pissed off before, but never this pissed. I discovered the problem because I just ran my backup and noticed that more files than normal had changed.

    Also... EVERY TIME I've implemented spamassassin, I've had security issues almost immediately following the implementation. I implemented spam assassin again about two weeks ago. I'm wondering if it's a security hole in the software, or if I just end up pissing people off because of it.

    Holy cow. They hit over 6000 files. I had no idea I had that many index files.
     
    nevetS, Aug 17, 2005 IP
  6. RectangleMan

    RectangleMan Notable Member

    Messages:
    2,825
    Likes Received:
    132
    Best Answers:
    0
    Trophy Points:
    210
    #6
    What OS is your server?

    Also one site should not have permissions to change files on another.
     
    RectangleMan, Aug 18, 2005 IP