[SGVLUG] sgvlug.org site hacked

Dan Kegel dank at kegel.com
Tue Nov 10 16:50:34 PST 2009


The reason a wipe-and-reinstall is in order is:
you have no idea what the hackers did.  They might
have installed a rootkit.  Better play it safe!
Everybody who has ever logged in to other systems
from that system should change all their passwords
(though who knows, might be too late).

Outgoing ssh should also be disabled from the server
after reinstall to protect people from keylogging rootkits.
- Dan

On Tue, Nov 10, 2009 at 4:40 PM, Emerson, Tom (*IC)
<Tom.Emerson at wbconsultant.com> wrote:
> Thanks for the heads up Rae - we've put back the original SGVLUG template (thanks Mike!) and marked it "unwritable" [perhaps how it was able to be changed in the first place...]
>
> I agree with Dan that some sort of reload (or at least a review) is in order, but I also know that I don't have time to do it (and I'm guessing Mike's not thrilled with the prospect either...)
>
> As for attachments, I think that the list manager strips them anyway, but I see your point: since both the list and the website are on the same physical hardware, both may be compromised (not sure if the "crack" was due to a known Joomla exploit or a general Linux/security exploit)
>
> I'm also curious as to what raised our site high enough on their "radar" to warrant taking a pot-shot at us.
>
>> -----Original Message-----
>> From: Rae Yip [mailto:rae.yip at gmail.com]
>> Sent: Tuesday, November 10, 2009 3:28 PM
>> To: SGVLUG Discussion List.; mathew_2000 at yahoo.com; Emerson, Tom (*IC)
>> Subject: sgvlug.org site hacked
>>
>>
>> Hey folks,
>>
>> Don't know if this email will even make it through, but it
>> looks like the SGVLUG website has been hacked. Be wary of any
>> attachments you get from this mailing list, and take special
>> care when visiting the site.
>>
>> Looks like we may need to have a presentation on Linux
>> security again...
>>
>> -Rae.
>>
>