Marco Bambini wrote:
On 25/giu/04, at 17:34, D. Richard Hipp wrote:
3 days ago, somebody broke into the SQLite website and
defaced the CVSTrac homepage. (www.cvstrac.org and www.sqlite.org
share the same machine.)
You are not alone:
http://www.zone-h.org/en/defacements/filter/filter_defacer=Russel-Aid/
Details at:
http://www.zone-h.org/en/defacements/filter/filter_ip=64.5.53.192/
Unfortunately there is no information about the kind of attack...
The second link alerted me to another file that contained the
attack: http://www.sqlite.org/index2.html
This supports my theory that the attack came in through CVS.
The main index page "index.html" is owned by root. The attacker
could not overwrite it, so they created a alternative page at
index2.html. So the boast that the machine was rooted, appears
to be just that - a boast. In fact, the attacker was only able
to become the CVS user.
Who can help me move CVS into a chroot jail?
--
D. Richard Hipp -- [EMAIL PROTECTED] -- 704.948.4565
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
