Posted in Technical on Dec 5, 2004
The webserver for radioclub.byu.edu recently got hacked through a PHP exploit in urldecode. I’m not exactly sure how this all worked, but I found that an IRC bot was running on my server, and looking through the Apache logs, I found the exploit recently described as the howdark exploit. What is left to be determined is whether the hacker got root access, in which case I would have to reinstall the entire system and examine any migrated files. If I can determine that he did not get root access, then I can simply delete the files, fix the hole, and hope other things like it don’t happen again.
I’ve also made sure that any other installations of phpBB2 hanging around on my other servers are either upgraded or deleted.
If anyone is running phpBB2 with a version less than 2.0.11, you really should upgrade immediately.