Short but sweet, it's 3AM and I want sleep.
Club's webserver has been running an old and unsupported version of RedHat (7.1) for quite a while now. Yet another one of those "we know it's not good but no one really has the time or desire to fix it" problems that you find in volunteer organizations. :)
Anyway, we were just asking to get hacked, and it finally happened. Last weekend we had two incidents, unsure whether they were related:
1) Our Wiki was defaced by some hacker group talking about Albanians. If you're interested in seeing what it looked like, here's a 328k PNG screenshot - http://www.nerd-out.com/kplug/wiki_deface.png
2) Some sort of Apache-related hole was used to put a UDP packet generator on the server and run it as a DDoS against some other IP numbers unrelated to our club. I say Apache-related because the malicious program was owned by the 'http' user - it does not appear that the attacker ever got root access to the server. It could have been a PHP hole, or a hole in one of our web scripts.
The two incidents above were the final straws. Today I went to the colo and dropped in a new 36GB drive and did a fresh Debian installation on it. We've been planning for quite a while to move to Debian with Mailman for our mailing list management, so now was the best opportunity to do so - a clean break! So as of tonight, we're up and running on a fresh and current Linux install, and have moved all list subscriptions over to Mailman.
I also have not been happy with the state of our website and wiki for quite some time, so I'm using this opportunity for another clean break in which I can overhaul both and get them integrated into a more usable whole. This is going to take a few days to get going, so in the meantime you'll find a very basic "Hi we're not dead" website at http://www.kernel-panic.org
That's all for now, more updates later.
--j
