[SGVLUG] sgvlug.org site hacked

Emerson, Tom (*IC) Tom.Emerson at wbconsultant.com
Tue Nov 10 16:28:41 PST 2009


Well, the "hack" appears to be relatively benign - as I said, the "template" that describes how the page is laid out was replaced by the image [some of] you saw, and I saw (outside of the <html></html> tags) was an embedded .mp3 file

Other than that, there doesn't appear to be anything in the page that would be otherwise dangerous (though time and again, supposedly benign file formats such as .jpg and .mp3 have been known to host "bad things")

I would like to know how they got to the template to replace it though - I know we aren't on "the latest" version of the CMS we use [long story...] so it's possible they used an old/known exploit.

> -----Original Message-----
> From: sgvlug-bounces at sgvlug.net
> [mailto:sgvlug-bounces at sgvlug.net] On Behalf Of Dan Kegel
> Sent: Tuesday, November 10, 2009 4:23 PM
> To: SGVLUG Discussion List.
> Subject: Re: [SGVLUG] sgvlug.org site hacked
>
>
> Better: wipe the system and reinstall...
>
> On Tue, Nov 10, 2009 at 4:20 PM, Emerson, Tom (*IC)
> <Tom.Emerson at wbconsultant.com> wrote:
> > OK, quick fix #1: go back to the "default" template
> >
> > this f*tards replaced our template - Michael, do you have a backup?
> >
> > -----Original Message-----
> > From: sgvlug-bounces at sgvlug.net
> [mailto:sgvlug-bounces at sgvlug.net] On
> > Behalf Of Claude Felizardo
> > Sent: Tuesday, November 10, 2009 3:36 PM
> > To: SGVLUG Discussion List.
> > Subject: Re: [SGVLUG] sgvlug.org site hacked
> >
> > And I was just thinking I should submit something to the Caltech
> > calendar website.   I guess I'll hold off but I really need
> to submit
> > something in the next day.  Please let me know when it's safe to
> > reference the website.
> >
> > claude
> >
> >
> > On Tue, Nov 10, 2009 at 3:27 PM, Rae Yip <rae.yip at gmail.com> wrote:
> >>
> >> Hey folks,
> >>
> >> Don't know if this email will even make it through, but it
> looks like
> >> the SGVLUG website has been hacked. Be wary of any attachments you
> >> get from this mailing list, and take special care when
> visiting the
> >> site.
> >>
> >> Looks like we may need to have a presentation on Linux security
> >> again...
> >>
> >> -Rae.
> >
> >
>


More information about the SGVLUG mailing list