[SATLUG] Hacked!

Bruce Dubbs bruce.dubbs at gmail.com
Mon Mar 5 16:58:33 CST 2012


The server was hacked this morning.  Thanks to Frank Huddleston we 
caught it early.  The problem was that I put up a poorly designed script 
that allowed an anonymous user to upload a file to a location that could 
be executed.

My excuse is that I wrote the script in 2007.  Well that's not really an 
excuse, but it's been sitting there since then.

The hack script that is uploaded can be reviewed at 
http://www.satlug.org/sec.phps

I'm still reviewing it, but sing out if you see something interesting.

The only user accessed appeared to be apache and only the file changed 
that I can tell was index.html.  I'll watch the site a little closer.

   -- Bruce


More information about the SATLUG mailing list