Hacked

posted 02 December 2006

So, around 7pm Friday night UK time, a person or persons unknown used a vulnerability in one of the scripts powering one of the sites I host to install a shell kit, and subsequently a bulk emailer program and two fake websites in directories called "www.a****n.com" and "www.e**y.com". They then proceeded to fool innocent people, who had followed links in email sent from my domain, into visiting these fake sites hosted on my domain and relinquishing their usernames and passwords.

A little over 11 hours after it started, my hosting company automatically detected the suspicious activity and immediately disabled my account, which was exactly the right thing to do. Since then I have regained access, reset various passwords, and been slowly repairing the damage, but it will be a while before everything is working. It's also quite possible that despite some hatchet work on my part, when my account was re-enabled the hole they used to get in was also re-enabled, as I'm not sure exactly what happened yet. In which case, they will come back and this may happen a few more times before I work out how to stop them.

Obviously, I'm extremely upset about all of this. Quite apart from the downtime, which takes out five or six other people's sites whenever it happens, I've also been the unwilling accomplice in the work of some rather nasty criminals. So there are going to be some upgrades in the name of security and stability around here, which may involve various people's blogs being migrated over to seldo.org to prevent everything collapsing all at once when my .com domain (which attracts the majority of attacks) goes down.
