[ubuntu-uk] Website Hacked.....

Johnathon Tinsley kirrus at kirrus.co.uk
Mon Jun 29 09:35:15 BST 2009

William Anderson wrote:
> Matthew Macdonald-Wallace wrote:
>> [snip]
>> A strong password is useless if the hack was carried out using a  
>> remote file include or a vulnerability in code that was on the website  
>> to elevate permissions.  From your other comments in the thread, I  
>> doubt that your netbook is compromised.  I'd lay the blame at the feet  
>> of WordPress or similar.
> I'd be inclined to agree here.  I note you (John) are running WP 2.7.1
> on furrycritters.co.uk, so the CMS itself may not be responsible, but
> perhaps one of the WP plugins installed, or more likely phpBB, which is
> a very popular attack vector, due to the myriad of holes in the various
> versions of the code.
> [snip]

We've had a few servers exploited with this one recently:

Luckily, as I said in the report, no-one has yet managed to go on and
rootkit a box, but it's only a matter of time.

If you're a host, or work in one, watch out for this one. Debian have
patched it in their repos, so if you've any Debian servers, make sure
you use this upgrade :)


