i got the hax.

January 21, 2006

I woke up this afternoon to find that a group of swedish hackers defaced this website.

It was pretty neat to see the defacement page there.

So, I logged in on the old shell to find that they had originally logged in back on the 4th of january.

After that, i found that they backdoored my wordpress configuration file with some code to run server-side commands, as well as the old wp.php file with code they could use to retrieve my database login.

A grep of previous access logs shows that they found an old vulnerable script that i had wrote back a long time ago, and used it to find my system login via my wordpress configuration file.

How did they find my system login? While setting up this website, i got lazy and didn’t feel like creating a new database user for the database wordpress was set to use. So, i just used my default cpanel username.

The host (blinx.net) had mod_security installed, but he didn’t setup a ruleset. I helped him out with that, and got it all installified.

I’m considering moving this over to my dedicated server where i run sshd, and ftp on an alternate port, so they wouldn’t be able to login.

They cleaned out the .bash_history file, so i have no idae what commands they ran.

Ohh well, it was an interesting experience. Congratulations go out to whatever schoolboy with a book of common security holes hacked me.


One Response to “i got the hax.”

  1. Krista Antonini Says:

    Guess who the target was.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: