Hacked again!

Post #1by **chris** » 05.04.2003, 00:03

Script kiddies must die!

Shatters.net was hacked a couple days ago. Someone found a vulnerability and installed a rootkit. Of course, the root kit was incompatible with the OS version I had installed, and within two hours, there was a kernel panic. I tried to reboot, but the system was sufficiently screwed that booting was impossible. My own stupid fault for not installing security updates as they became available . . .

Rather than try and repair the old system, I upgraded to the brand new RedHat 9.0, and I'm now attempting to get everything back to normal. Well, even better than normal . . . I added a new HD to http://www.shatters.net as well as an extra 512 megs of RAM. Notice that the forum software has been updated . . .

And . . . now that I have KDE3 installed, I can finally try outKDE version of Celestia!

My email is still not working, but most other stuff is back: the forum (obviously), the user galleries, t00fri's texture foundry. Please post to this thread (or private message me) if you discover anything wrong with the site.

--Chris

Darkbolt · Post #2by **Darkbolt** » 05.04.2003, 01:02

redhat 9.0?? you mean 8.0?...In any event I've heard thats rather slow...is it?? & how much ram are you using total?

Post #3by **chris** » 05.04.2003, 01:15

RedHat 9 was release on March 31. It doesn't seem slower than 7.2 . . . http://www.shatters.net now has 768 megs of RAM, which should be plenty of room for both development and server tasks.

--Chris

Darkbolt · Post #4by **Darkbolt** » 05.04.2003, 01:28

ah, last I was aware the latest release was 8.0, I didnt know they just released 9. Does it still have bluecurve in it? i've heard they've been trying to make it alot more windows-ish

Rassilon · Post #5by **Rassilon** » 05.04.2003, 05:30

my ftp isnt working and the site on your server...whenever you can get around to its fine...thx...

Post #6by **t00fri** » 05.04.2003, 09:02

chris wrote:Script kiddies must die!

My email is still not working, but most other stuff is back: the forum (obviously), the user galleries, t00fri's texture foundry. Please post to this thread (or private message me) if you discover anything wrong with the site.

--Chris

+++t00fri+++t00fri+++t00fri+++

Chris:

lots of things are not working for me:

1) I cannot log into the forum!
After typing in my old password, a message says : http://www.myserver.tld not found.

2) I cannot log in anymore into my account on http://www.scatters.net. I used ssh with a ssh1 public key authorization (no password). Now /fortunately/ shatters.net runs on ssh2. I need to transfer a new public key. But my old password is not recognized anymore...

3) All cgi scripting on the TexFoundry does not execute. I.e. nobody can use it. PERMISSIONS!
...and an exec link to ~t00fri/public_html....

Bye Fridger

+++t00fri+++t00fri+++t00fri

Post #7by **t00fri** » 05.04.2003, 09:08

It's even more interesting:

I am told that I cannot login (http://www.myserver.tld not found;-)). When I nevertheless enter a message (assuming to be a guest) I am registered as t00fri....

I just got this brilliant little idea of how to hack this mailbox;-)...

Bye Fridger

Post #8by **t00fri** » 05.04.2003, 09:27

Where are my previous posts!

Lots of things do not work anymore for me....

Bye Fridger

Post #9by **t00fri** » 05.04.2003, 09:40

After I was "illegally" logged in by the box, I cannot logout anymore! Again server http://www.myserver.tld not found;-)

Sometimes the system also notes :illegal session;-)

How clever....

Bye Fridger

Thilo · Post #10by **Thilo** » 05.04.2003, 13:46

Chris: why redhat? Debian may not be as convenient to install, but for servers it is definitely better.

with a regularly run "apt-get update && apt-get upgrade" you have a secure system again.

Sum0 · Post #11by **Sum0** » 05.04.2003, 14:13

Well, it seems every cloud has a silver lining. Well, except for poor Fridger, who just gets rained on.

Rassilon · Post #12by **Rassilon** » 05.04.2003, 15:20

Thilo wrote:why redhat?

Well in layman terms windows 2000 server sucks :mrgreen:

Im getting some wierd forum bugs as wellYou know chris the forum software I use is quite nice....And you can convert phpBB posts to it I believe...

http://www.invisionboard.com/?resources

Worth a shot...

Oh and I tried changing the skin as suggested and it barked at me...signature too long...suppose its a matter of changing my sig or lengthening it in the prefs

...

*hands Fridger an unbrella*

Thilo · Post #13by **Thilo** » 05.04.2003, 19:20

rassilon: was kindof a typo.. actually wanted to say that debian is by far better fit to be on a server than redhat in my opinion ... BTW: apt-get exists also for redhat ;)

Guest · Post #14by **Guest** » 05.04.2003, 19:24

This is just a test. Try to be a Guest;-)

Bye Fridger

Don. Edwards · Post #15by **Don. Edwards** » 05.04.2003, 19:47

Hey Fridger,
You are not the only one who can't get into there storage area. I too am cut off from from my storage folder and I am afraid so is everyone else.
But the gallery seems to be working fine.
Arhg!!!!
I can't even get in with an ftp client. Chris you have got to fix this. I can get into my storage acount at all.

Darkbolt · Post #16by **Darkbolt** » 05.04.2003, 23:09

Thilo wrote:rassilon: was kindof a typo.. actually wanted to say that debian is by far better fit to be on a server than redhat in my opinion ... BTW: apt-get exists also for redhat

Not exactly, alot of servers use RH for their os, then again they tend to use RH advanced server, which goes for about $700...I imagine its more stable than others tho...and as you said, there is apt-rpm

John Van Vliet · Post #17by **John Van Vliet** » 06.04.2003, 18:31

Hi every one (I KNOW YOU MEAN --MY SITE IS UNDER MINER ATACKS DAiLY --. Using XP with Apache and XOops seams to do fine . And the main windows bug (random carictors )(ie http://68.41.19......./JohnsCelestiaPage/ /48576weoiuhgkdgtk4l2568423079828467qtrkhjrsobngh=-05e6suiytergh8wetn
relotyhrtyrrli.html
dosent work

John Van Vliet · Post #18by **John Van Vliet** » 06.04.2003, 18:53

I get the same error messige : http://www.myserver.tld not found. But when
i click the forum link ,on the left , i fined that i am loged in . The same gose for logging out an error but i am logged out .

Post #19by **chris** » 06.04.2003, 19:24

I think I've got the http://www.myserver.tld anomaly fixed . . . There was apparently a new configuration parameter added to this latest version of phpbb2, and it's default value is http://www.myserver.tld. I've changed it to shatters.net, which will hopefully fix everything.

--Chris

Post #20by **chris** » 06.04.2003, 19:33

Don. Edwards wrote:Hey Fridger,
You are not the only one who can't get into there storage area. I too am cut off from from my storage folder and I am afraid so is everyone else.
But the gallery seems to be working fine.
Arhg!!!!
I can't even get in with an ftp client. Chris you have got to fix this. I can get into my storage acount at all.

I'll have this restored today . . . It's just a matter of copying data from the old hard drive and resetting your password.

--Chris

Celestia Forums

Hacked again!

Hacked again!

Re: Hacked again!

re

re