My webserver was hacked sometime yesterday. This means that it will be down until further notice. We've got to do some upgrading and fixing and securing before it comes back up.

I'm wondering "why me?" Was it just a matter of time? Was there something that made it a target? Was there any reason at all? I'm trying not to feel robbed, cheated, violated. It's not working well though.

I recently had something similar happen to me when I misconfigured mod_proxy in Apache so that jerks could use my server as an anonymous proxy.

Someone found it almost right away and put my IP on a proxy list so that thieves and criminals could visit porn sites anonymously and rack up falsified ad revenue. I didn't notice the odd hits until the end of the month, then I locked it down.

I figure that maybe 10 percent of the world population are total jerks, but they're unevenly represented on the Internet because the good people stay out of your way and the jerks are able to harass you from anywhere across the globe. Good luck with your clean up, and don't let it get you down.

It's actually presenting the perfect opportunity to upgrade. We've been looking into it for a while, but with it being a live site I was reluctant to bring it down. With the forced downtime, it looks like it'll work out.

Thanks for the sympathy, I feel a little less... exposed now.

Did they do damage to the box? How'd you realise it'd been hacked? What a pain :(

They managed to install a rootkit. My husband was trying to ssh in and it didn't respond. So he went to the main web page and discovered the porn. He logged in locally and noticed that ps had been hacked - it didn't react right. There are some other things, but it's just messy.

