[blu] Re: My website was hacked! (fwd)
bbj at innismir.net
bbj at innismir.net
Wed Nov 24 23:56:09 EST 2004
On November 24, 11:48 pm David Kramer <david at thekramers.net> wrote:
> I think I found it. I'm running TWiki, and at that time there were
> some really nasty things happening in access_log and error_log.
Yup.
http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch
I think this was posted on FD yesterday.
> I will also note that the "bandits.webm.ru" website contains one
> phrase, in Russian: "Soon it will begin..."
Typical Script Kiddie Rhetoric.
> I'm going to disable TWiki for now.
Very Good Idea. My personal opinion is that once you've been owned by an
actual human at the keyboard, your only safe way out is to blow away the
box and start from scratch. Anyhting you keep from the last install should
be inspected by hand.
More information about the Discuss
mailing list