Geeklog Forums
Site Went Down - Very Curious.
Ok...
Yesterday my site was just fine and dandy. This morning, went by to check on it.. Just a Blank Page (no errors...just white)
Nothing in Error logs....
Found my index.php and users.php attributes as just ----------. Was unable to change them, deleted both, and uploaded from backups.
What would do this??
Immediately changed my FTP log-in password, just in case...
Ideas??
Night
Over the course of the past three weeks, my server bandwidth jumped to as much as 50GB a day. This represented a near increase in excess of 20,000%.
This is what the Security Team where I lease my dedicated server from found when they conducted their investigation:
"Our security team has come to the realization that a couple of scripts on your server related to a version of geeklog (1.3) are vulnerable to remote command execution attacks. These scripts have been disabled:
http://scimatedu.com/gssm/public_html/index.php
http://scimatedu.com/gssm/public_html/users.php
An attacker from Italy used this vulnerability to upload and launch a malicious backdoor process, and then used your server to distribute pornography. Please update to the latest version of Geeklog before re-enabling these scripts"
So folks, a well-learned lesson to keep up with latest releases. I've been a little slack, as I've been so busy - the slackness cost me $450 in excess bandwidth usage - my budget is 500GB/month which serves me just fine.
While I'm still not sure how this has been done, I know every user except one (probably the one) - (it's a tight community), although I'm not even sure if it was a user, nor do I understand how this could have been uploaded without me seeing it anywhere on the server.
Perhaps if someone could give me some insight here as to the how, to help me understand.
The site is down, till I do the upgrade on Sunday www.scimatedu.com
Thanks..
Night