On Mon, 2 Jul 2001, Pablo Manalastas wrote:
>
> The Phil. Daily Inquirer reported today (InfoTech section) that the
> GMA-7 website was defaced by a hacker last Wednesday. The news article
> also reports that the website is hosted by inter.net
> (Contreras/Paras/etc.). A check of the website
> http://www.gmanetwork.com/ showed that the site is running Apache
> 1.3.6/modperl 1.21/modssl 2.2.8/openssl 0.9.2b on Linux. Testing ssl
> on port 443 produced an error (bad SSL server certificate?). Could
> this error be the cause of the security hole? Anyone knows the
> details? Could modperl be the culprit? (magagalit si Orly dito).
>
I have the GMA website's server right here next to me. It used to run
Apache on Solaris, but apparently how they defaced it was a helluvalot
simpler than a security hole. We had a good look and it turns out that
SOMEONE'S PASSWORD GOT STOLEN. !@#!$@#%@!!!! TELNET LUSERS!!!!
We are now in the process of having a full security audit of all our major
systems.
By the way, the GMA website is not running on the original box. That
server which you've probed is where we temporarily relocated their website
while we perform hardening of the box and do a thorough check of the
system.
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
Programmer, InterdotNet Philippines +63(917) 4458925
http://dido.engr.internet.org.ph/
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GAT d- s:- a- C++++ UL+++ P+++ L+++ E++ W++ N+ o K- w---
O- M-- V- PS+ PE Y+ PGP++ t+ 5 X+ R tv+ b+++ DI++ D+
G e++ h! r++ y+
------END GEEK CODE BLOCK------
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
