Anatomy of a hacking


Well, Campbell found the site last night that had been compromised (running phpbb). Somehow, not sure how, it's then trawled through the file system on the server looking for files that were group-writable (all ordinary users are in the same group, so any group-writable files are writable by everyone else on the server). Generally files shouldn't be group-writable by default; however, MT in its default wisdom seems to generate all its files as *world*-writable. *sigh* It could just be the way directories get set up by default, will have to have a play with it - sorry if I break anything in the process :) Fortunately Campbell was online last night to mount the backup partition for me, and I got back my non-blog files that had been overwritten. If anything, it's a good motivation for me to clean out my home directory, as it's totally full of crap.

And on that note, I'm off to bed.
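An added example, not part of the original post: a small audit that walks a directory tree and reports the entries the post describes, files and directories that users other than the owner can modify. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_writable(root):
    """Return sorted (relative_path, finding) pairs for entries under root
    that users other than the owner can modify."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: never follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                 # a link's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                kind = "world-writable"
            elif mode & stat.S_IWGRP:
                kind = "group-writable"
            else:
                continue
            # A writable directory without the sticky bit also lets others
            # delete or replace files they do not own.
            if stat.S_ISDIR(st.st_mode) and not mode & stat.S_ISVTX:
                kind += " directory (no sticky bit)"
            findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: a home directory with mixed permissions."""
    layout = {"notes.txt": 0o644, "shared.txt": 0o664, "index.html": 0o666}
    for name, mode in layout.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)             # chmod is not affected by the umask
    archive = os.path.join(root, "archives")
    os.mkdir(archive)
    os.chmod(archive, 0o777)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, kind in audit_writable(tmp):
            print(f"{kind:45} {rel}")
```

On a shared host where every user is in the same group, each "group-writable" finding is effectively writable by every other account on the server.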

1 Comment

Dave2 said:

If you are running under suEXEC or CGIWrap then it's easy to force MT to write out its files without being world-writable... you just need to un-comment some masks in the mt.cfg file.

I have two sites bookmarked from when I did this:

http://blog.kevindonahue.com/archives/2004/04/making_movabletype_m.php

http://www.elise.com/mt/archives/000770cgiwrap_and_suexec.php

December 24, 2004 12:10 AM
