I’ve Been Exploited
A couple days ago I noticed I had an unusual amount of traffic to my site from a number of IP addresses beginning with 222. I checked my logs and found out they had installed a backdoor into my Dreamhost user account, which was the web application called C99Shell.
Obviously this is a serious vulnerability (just Google it) and I have worked to eliminate it from my site. Unfortunately, I noticed they had come back — with bash access. How they got it is beyond me, but I’ve taken some steps to prevent them from returning (changing my password, etc.) . I put this out here because the script-kiddies are capable of much more than what they’ve been doing (spamming) whether they know it or not. I’ve ensured that they have _not_ installed any viruses on any of my site, but take care while browsing not to use Internet Explorer, just in case anything _does_ happen. Also be aware that all comments henceforth must be approved by me.
2 Responses to “I’ve Been Exploited”
| TOP READERS | #comments |
| Kevin^L | 43 |
| Mary | 28 |
| tim | 10 |
| Adam | 7 |
| The Cheshire Hippie | 6 |
Leave a Reply
November 18th, 2006 at 10:26 am
[…] Original post by possum.kicks-ass.org and published by w-plaza This entry is filed under News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site. Leave a Reply […]
UsingNovember 18th, 2006 at 2:05 pm
I just wanted to point out , for anyone who is concerned, that this problem appears to have occurred with Wordpress 1.5.4 (I think) on a shared hosting Debian machine with what appears to be a buffer overflow via the login interface. I have since upgraded to the latest Wordpress 2.0.5.
Using