Buffistas Building a Better Board ++

Do you have problems, concerns, or recommendations about the technical side of the Phoenix? Air them here. Compliments also welcome.


Tom Scola - Mar 04, 2012 3:34:04 pm PST #3145 of 4677
hwæt

The board is really slow tonight.


§ ita § - Mar 04, 2012 4:01:08 pm PST #3146 of 4677
Well not canonically, no, but this is transformative fiction.

My home network is bogged down with a lot of large file copies, so I can't tell--are other people experiencing slowness? Hands?


Amy - Mar 04, 2012 4:10:29 pm PST #3147 of 4677
Because books.

It's seemed a little slow all day to me.


Jesse - Mar 04, 2012 4:50:39 pm PST #3148 of 4677
Sometimes I trip on how happy we could be.

I'm feeling like the internet in general is slow, so yeah, also here.


Tom Scola - Mar 05, 2012 4:05:57 am PST #3149 of 4677
hwæt

The site is slow because we have been hacked.

I logged in and found the following script running: /var/www/vhosts/buffistas.org/cgi-bin/footgear.pl. Modification time of Feb 24.

The script is some kind of DDoS program. I think we have been using a shit-ton of bandwidth the past week or so.

I killed any footgear.pl processes that were running, moved the script out of the way, and made the cgi-bin directory unwritable. It will take me a while to go through the logs to see if I can figure out how they got in.


Jesse - Mar 05, 2012 4:42:32 am PST #3150 of 4677
Sometimes I trip on how happy we could be.

Yikes!


§ ita § - Mar 05, 2012 4:54:21 am PST #3151 of 4677
Well not canonically, no, but this is transformative fiction.

Good god, Tom. Thanks for catching that.

I am curious about how they got in, too. Our admin password is decently strong--do you think it should be changed?

A cursory google doesn't show me any script kiddie sites with that application name or anything, but I don't know all the l33t places to go.

eta: and do you think it's something we should report to iStrata in case that's how they got in, or other customers are compromised?


Consuela - Mar 05, 2012 6:12:32 am PST #3152 of 4677
We are Buffistas. This isn't our first apocalypse. -- Pix

Wow! Thanks for catching that, Tom.


Tom Scola - Mar 05, 2012 7:29:56 am PST #3153 of 4677
hwæt

Looks like they got in through Plesk.


§ ita § - Mar 05, 2012 7:36:35 am PST #3154 of 4677
Well not canonically, no, but this is transformative fiction.

Is there a security loophole or exploit that they used? Is our password compromised? Was it our Plesk install, or one at a higher level (like iStrata admin, or something)?