Puppy Linux Discussion Forum

[Sage]

No respite, either:
http://www.theregister.co.uk/2008/01/11/mysterious_web_infection/
This is looking like a battle of intellects.

[dvw86]

Barry,
You may want to read this blog post by Arnold Kim.
http://normalkid.com/2007/11/20/
Arnold (Arn) is the creator of macrumors.com. It is a very popular rumor and news site focusing on the Apple computer company. He has had many similar issues with PHP based sites including Word Press. His final solution was to use vBulletin, which he has been happy with. Some samples of his post reguarding Word Press include the following.

[prehistoric]

@John Doe,

When I tried to notify a friend, (retired sys admin,) about that European site, his ISP identified the message as spam or a virus. This was a short, hand-typed, text-only message with no attachments. (I suppose I should have used a sophisticated method of hiding content, like ROT13.)

When the message bounced I got a message from my ISP advising me I had sent contaminated mail and to tell their Postmaster if there had been an error. When I did as requested, that message was also rejected because the Postmaster mail box was full.

I think I finally got the message through by splitting the offending text and telling the recipient how to reassemble it. (Wait, let me check for another bounce.)

Aren't ISPs helpful in these situations?

prehistoric

[willhunt]

how do I ban this ip so my machine won;t even go to that IP?

[wingruntled]

willhunt
you could add the IP address hosts name to your /etc/hosts file.
Just edit to the END of your hosts file with the last two lines as I posted below:

127.0.0.1 localhost puppypc

[John Doe]

[willhunt]

Thanks for the quick answer
So am I to take it this kinda behavior is acceptable in turkey?
I've been reading and it seems a lotta people know about him
and his hacks.?

[raffy]

Barry and all,

I now see that puppylinux.org's index file was also changed (I did not have access to FTP last night).

IMHO, this is a major breach of webhosting security, not just of Wordpress. It's a servage.net problem (or its own host).

[Caneri]

Well I got nailed again from Taiwan(maybe)..also attacked my local router a few days ago but I wasn't thinking it to be significant. (wrong I guess).

It may be more than servage as it seems many servers are being hit...judging from what Ive been reading on security zines.

Security levels are at code red on many sites I've seen with hundreds of thousands of commercial/university and city servers being targeted and breached.

It seems to be apache servers that are not up to date...this is where they get into database, php etc.

What a pain!

Eric

[willhunt]

Caneri wrote

[John Doe]

[John Doe]

[cb88]

i am happily posting from vector linux...! got my conexant modem working with the 14.4 kbs driver..

anyway there has been talk over at ubuntu of a boottime kernel compilation for improved proformance (heh they really need it don't they) this would make kernel module unneeded for most....

just thought you guys might find that interesting...

[Caneri]

@John Doe,

My host has it's own custom panel and doesn't use cPanel.

They call it XL6 (inhouse name). If they are right they tell me the perl exploit will not work or be very effective here...but I take that with a grain of salt.

They also tell me older software has been a problem across many hosts...and wordpress is a major problem.

Eric

[John Doe]

thanks for the info Caneri and sorry the intrusive questions. I'm just trying to get a really good idea of what's going on so we can all get it fixed and move forward with a sense of security.

for several years, years ago, i used to work on network exploitation with friends. we never messed anyone's stuff up (with one exception) or wrote stupid scripts to spam crap everywhere. that sort of behavior just pisses me off. we were the types who would write you and tell you to get something fixed to protect yourself. it's a shame there are jerks out there that would do such petty things. they probably sell it as some type of "service" to.