[mohaa] icculus.org

morphiend morphiend at fuse.net
Wed Jun 25 07:57:04 EDT 2003


Here's the lowdown from the site:
-- Begin Quote
We got hacked. It's under control, but the cocksucker tagged us during
the WWDC keynote, when I was otherwise occupied. We have cleaned up,
except we need to replace some vandalized HTML from backup and upgrade
some software before the webserver can go back up. Email and other
services are working.

For the record, it looks like he used a PHP exploit to execute a file
which locally exploited the Linux 2.4.20 ptrace() hole. This means he
had a root shell.

What you can do:

    * CHANGE YOUR PASSWORD. I don't think they were compromised, but you
never know. We have verified that the "ssh" and "passwd" binaries are
not compromised, so log in and change it.
    * VERIFY YOUR SOURCE. If you have a cvs project, do a fresh checkout
and diff it against your existing sources. I don't think this is a
problem, either, but safety first.
    * PAY IT FORWARD. If you can't raise your kids to not be script
kiddie fuckheads, consider birth control. 

Again, everything is back up but the web server, which will come back
hopefully tonight.

Stay tuned, True Believers.

--The McManagement.
-- End Quote

Hope that clears up any confusion.

-- Mike


-----Original Message-----
From: richardnharrison at btinternet.com
[mailto:richardnharrison at btinternet.com] 
Sent: Wednesday, June 25, 2003 4:45 AM
To: mohaa at icculus.org
Subject: RE: [mohaa] icculus.org

not me.

>  from:    Bradley Caricofe <caricofe at comcast.net>
>  date:    Tue, 24 Jun 2003 23:05:01
>  to:      mohaa at icculus.org
>  subject: RE: [mohaa] icculus.org
> 
> A couple of weeks later and I still can't get to Icculus.org, was
wondering
> if anyone else could? 




More information about the Mohaa mailing list