Unoffical empeg BBS

#167450 - 24/06/2003 19:43 Recent incident on the server
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
Well, since one of the other admins went to all the work of sending me this, I figure I'll let everyone know.
------
Executive summary: Last Tuesday, the server hosting RioCar was compromised. We do not believe anything relating to RioCar was accessed in any way. We have secured the server for the short term and will replace it entirely in the near future.

Details: Late afternoon on Tuesday, June 17th, the server hosting RioCar was compromised. A user's phpBB web board (unrelated to RioCar) was exploited to run the ptrace privilege escalation exploit in order to install the SucKIT kernel rootkit. Two additional infrequently accessed user accounts with weak passwords (also unrelated to RioCar) were cracked as well.

The culprit, a Romanian likely simply collecting accounts with no knowledge of RioCar's services on the server, had root access for at least one hour before we disabled the exploit. However, we have full logs from that time, and there is no indication that any of RioCar's services, files or other information on the server were read, copied, altered or otherwise accessed.

The server has been restored to a secure state, and we do not expect the problem to recur. We are reviewing all accounts and hosted services for other potential exploits. Within the next thirty days, all services will be migrated to new machines in a different IP range with a more secure, distributed setup.

If you have questions, please let me know.
------

This is related to the posts from gooberhead in a way. One of the local users took it upon themselves to probe sites like this and RioCar.org for holes. They have been informed that their unprofessional methods were not appreciated.

The only data of real value to someone between the BBS and RioCar.org is the private list of e-mail addresses that sit in their database. There is no evidence this information was accessed in any way by the hacker. All passwords are one way encrypted, and any other information is something entered by you to be seen by the public.

Also, random note. If you use the subscription features of this board (either to see all posts, or when new ones are made to your posts), please ensure your e-mail address is entered properly and is still valid. There are quite a few bounce e-mails generated in a day, and some of them come from broken *cough*Exchange*cough* mail servers that don't send the bounce notification to the right e-mail address. Thus, some of the other admins on the box beyond me get these messages.

#167451 - 25/06/2003 03:49 Re: Recent incident on the server [Re: drakino]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
They have been informed that their unprofessional methods were not appreciated.
I dunno, it got some funny replies. I want a "gooberhead was right" t-shirt..
_________________________
Tony Fabris

#167452 - 25/06/2003 06:10 Re: Recent incident on the server [Re: tfabris]
foxtrot_xray
addict

Registered: 03/03/2002
Posts: 687
Loc: Atlanta, Georgia
Heh. Oh, jeez.

"New RioCar.Org T-Shirts are available! They're 100% white cotton! The front logo over the breast pocket is the small RioCar.org logo. Back logo contains, in bright red letters, three lines (in 'incorrect' php commands, even!):

<?php
print 'GoObErHeAd WuZ RitE!'
?>

Quick! Get yours today! Gooberhead said so!"

Yup. It works.
Me.
_________________________
Mike 'Fox' Morrey 128BPM@124MPH. Love it! 2002 BRG Mini Cooper

#167453 - 25/06/2003 06:15 Re: Recent incident on the server [Re: tfabris]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
"Free Gooberhead!"
_________________________
- Tony C
my empeg stuff

#167454 - 25/06/2003 21:11 Re: Recent incident on the server [Re: tfabris]
canuckInOR
carpal tunnel

Registered: 13/02/2002
Posts: 3212
Loc: Portland, OR
Yeah, I was disappointed to see that it was locked by the time I got to it -- I had a funny one-liner. I can't remember what it was now, but I'm sure it would have made someone wipe their screen.

*sigh*
