A while back GoDaddy’s servers were run amok by script kiddies. One compromised account led to all account on the entire box being susceptible, and back doors being installed. Not a good scene that one...
Ryan Thrash, MODX Co-Founder
Follow me on Twitter at @rthrash or catch my occasional unofficial thoughts at thrash.me
-
- 249 Posts
Quote from: puffin at Oct 31, 2010, 09:38 PM
Has anyone on a dedicated experienced this hack?
One of my hacked sites is hosted on a Verio virtual private server that we manage.
lo9on.com
MODx Evolution/Revolution | Remote Desktop Training | Development
-
- 97 Posts
There are a few things I’d like to know about those that have been affected by this exploit:
1. Do all of you use Apache?
2. What PHP version do you use?
3. Do all of you use Linux? (If yes, what distribution?)
Maybe an admin can gather these info. They might prove valuable for finding the actual problem.
-
- 204 Posts
System:
MODx 1.0.4 rev 6981
Apache 2.2.16
MySQL 5.1.50
PHP 5.2.14
Plugins:
WordsReplace 0.1.1
Search Highlight 1.5 (installed but not being used in site)
Forgot Manager Login 1.1.2
Inherit Parent Template 1.1
ManagerManager 0.3.8
TinyMCE Rich Text Editor 3.3.5.
TransAlias 1.0.1
Easy 2 Gallery (I believe uses phpThumb)
EditArea 0.5.2
-
- 249 Posts
Quote from: rthrash at Nov 01, 2010, 11:26 AM
What add-ons are you running? Do you use phpThumb?
None of the sites used the phpThumb extension. They were all out-of-the-box (Evolution) installations, each with a bunch of custom snippets that I wrote for menial tasks like displaying date/time, formatting strings, etc.
This was a post I made on the most recent attack, based on a site hosted on a Verio shared host:
http://modxcms.com/forums/index.php/topic,54874.msg316479.html#msg316479
I didn’t log any record of the attack on the site hosted on the VPS. That site was migrated to Revo within a couple days. But the VPS server specs are
PHP 5.2.13
FreeBSD 6.4
Apache 2.2
Mysql 5.1.44
lo9on.com
MODx Evolution/Revolution | Remote Desktop Training | Development