Tag Archives: web server

Someone Hacked My Web Server

So I just found that someone hacked into my web server recently, I’m not sure when they started poking around, but I saw some significant activity around December 17th.

I say “hacked” instead of “cracked” or defaced/damaged because I haven’t seen any actual malicious activity, just a lot of wordpress php scripts which had some eval code appended to the top.

I’ve backed up the hacked php scripts and will try to decipher them later. The scripts are basically a bunch of php evals of statements encoded in base64. I could probably decode them quickly via some perl scripts to change all the evals to print statements, and then use the equivalent of perltidy to make them readable in order to find out exactly what they were trying to do.

In any event, it’s likely they still have some backdoor set up, because it seems they got root access, or at least the ability to write a file with root permissions into the DocumentRoot, so I’ll have to keep an eye out.

I’ve upgraded the system to Lenny (was Debian etch, so yeah I’m at fault there) and upgraded wordpress from 2.3.x to the latest 3.0.4. I blew away the hacked wordpress instance, and just installed wordpress from scratch, along with some other things which hopefully will alert me when something like this happens again.

To the person responsible – I’m not running this web server as some sort of proof of my skill set, it’s simply a personal web server which I am hosting myself because I don’t very much like to be pushed into the idea of cloud computing and hosting my stuff on blogspot, etc. I think it’s good to be able to host your own applications and services, and not be tied down to services provided by Big Corp.

My message to you is this, use your head. It was probably fun to try and break in, but actions like this are what’s causing people to subscribe to cloud computing with open arms, and eventually Big Corp will be hosting everyone’s data, and the freedom that you have to learn how to manipulate PHP will be non-existent because we’ll all be stuck in AOL hell.

If you want to do something cool and interesting, why not trying using your skills to help people.

If anyone’s interested in taking a look encoded PHP, here’s what looks to be one of the primary sources: style.css.php.  Note that the script is basically all on a single, really long line, so most text editors may have trouble reading it.