Bloggers Hacked

Well, my primary box was cracked by a dipshit going after the recent awstats.pl bug. It's the same thing that hit Russell the other day. The bare bones stuff (blog/comments/inbound email) is working on my secondary box. But a lot more needs to be fixed. Yeay for me having reasonably good backups! Boo for the asshole who did it. More later, but I need to sleep. It's 3.5 hours past when I planned to go to bed. :-( Comment from readers ... Patrick Gibson I've noticed that most web-based exploits work by executing commands that download, compile, and run files in /tmp. My question is why /tmp allows execution by default of most Unix distributions? I run FreeBSD on my servers, and have the noexec flag in /etc/fstab for the /tmp partition. While you shouldn't only rely on this, it does seem to resist most if not all of the PHP/Perl/web-based exploits in the recent past long enough to give me an opportunity to upgrade or fix whatever is causing the problem. When the recent phpBB exploit was announced, I noticed several attempts in my /tmp of people downloading source code or pre-compiled binaries, but none were successful. The only time this has caused a problem for me is when I need to do a make world in FreeBSD. This is easily resolved by remounting /tmp without the noexec flag for the period during which I'm upgrading the system. Ben Milleare The reason they get the screenshot so quick is because the defacers report the crack straight away: Jeremy Zawodny's blog. Jeremy is part of the Yahoo search team and frequently posts in the Jeremy Zawodny's blog