It’s been a week since we discovered a hacker had gained access to a few of our customers’ web servers, and I’m still playing catch-up because of the little bastard. For those who understand these things, he apparently used a common exploit with XML-RPC in older Linux versions.
I just haven’t had time to keep up to date with Linux lately. I started getting back into it a bit when I had to do an emergency update on the Fedora Unleashed book for Fedora 2 (should have had an author credit really, but instead I got my name in bold in the Acknowledgements…) but it didn’t last. So I really don’t know what this involves, but Kev our security guy said "I’d be surprised if it hasn’t been hacked ten times over" when he took a look at the remains of one of them. Pretty widespread stuff then.
The hacker, as it turns out, was a cheeky little sod. He actually tried to contact us whilst logged into one of the machines. He created a user account called "hi" and sent console messages to one of my colleagues, offering his services to fix our servers.
Seriously – does anyone ever reply and say "oh yes please"?