I’ve got all traces of the old cms system off of the server now. (Well there might be a README here or there, but all php scripts from the old CMS are now gone.) At this point I can disclose a bit about the sudden move.
Well, for starters, any web scripting is just like your computer software. It needs to be kept up to date, there are people out there that are continually looking for unpatched software that can be exploited. There were a couple of vulnerabilities in the old CMS system which had been fixed sometime back but I had not updated the software install. There are a couple reasons why and I’m sure they remind me of the reasons not to update desktop software.
1) The fixed version was a big change and I didn’t know how much work it might make for me in fixing things.
2) The license of the software had changed at one point and there was a good deal of ambiguity just how pricey the new version was going to be. (By the way they’ve recently returned it to a GPL licence)
3) I didn’t have much time.
OK, no really good excuses on there, but….
I was checking for email Thursday afternoon and noticed that things had “dried up”. No messages had come in after 3PM, so I start nosing around and find the site has been “disabled for security”. This of course had me very interested. I inquired with my host and heard nothing. After waiting several hours, I re-enabled the site and started nosing through log files and looking for anything out of the ordinary. I did find the file that had been compromised. At this point, the site was up, but MySQL, which the CMS relied on was down, so things were relatively safe. After talking with tech support, they disabled the site because it (along with a number of others at my provider) was being used to mount a DoS attack against their DNS servers. Things were “neutralized” now and it’s time to look at updating your CMS. Well, it just so happens that the website for the CMS I was using was unresponsive, which had me look around and find wordpress. (Which I’m quite glad I did BTW.)
I think what compounded the problem is there were several installs (and versions) of the CMS in my site. I had done a minor update to the one in my main site, but an older testing version had been neglected and was discovered by the hackers that were using it. (Another reminder that a test folder on a webserver isn’t private.)
If there’s enough time tomorrow I’ll try to give a few more details on the exploit that was.
Related PostsRelated Posts
- BBPress 0.9x | Wordpress compatible forum software As you know I've used wordpress as a platform for many of my sites. It makes updating and adding information so quick and easy (as well as great extensions available for it and good theme possibilities.) Anyway, I've wanted forum functionality on a few sites as well and so I......
- Qemu v. 0.8.0 I just happened across The Qemu site and found that qemu v. 0.8.0 has been released *(yesterday). I haven't had a chance to download and try myself, but it looks like the open source virtualization software has had quite a few improvements. Among the most interesting I see are initial......
- RSS feed to spread the word of software updates The computer security landscape today is such that pretty much ALL software, whether it's Operating System, Office Suite, Web browser or device driver is at any given time "the weakest link". One of my dreams as someone that does IT is "what IF there were an easy way to keep......
- Corporate Blogging Link Building Strategies An important part of promoting your corporate blog is making sure that you have plenty of good inbound links coming into your site. This can help increase your overall popularity, as well as how search engines rank your site. While there are some methods of building links that promise the......
- What You Need From a WordPress Hosting Company Wordpress has taken over the world of websites and blogs, creating a simple and easy way for individuals get information out into the world of the Internet. The system gives users an incredibly easy platform to create the blogs, information, and news sites that they need to be successful. The......
- Free Spyware Removal Software I do not recommend using free spyware removal software for many reason but if your going to you might as well use the best free spyware products out there. In the end of this article we will tell you why not to use these programs as your main source of......
- Blackberry Desktop Manager Syncing Calendar to Outlook 2000
- I’m just a bit ill at the moment…..
- Urgent AOL update
- ABC news weighs in on the new browser wars