Saturday 13 February, 2010

I lied


I lied! I actually did! I lied when I told you everybody was going down. Because ever since I said so, the server has been up without going down at all. The server has been up for 3 days now, which is about 3 times as long as the longest uptime before that.

I think it’s safe to assume that the issues have been resolved at this point. The question that many people might want to see answered: What was the cause of all this? A hacked script.

BBclone to be exact. BBclone is a great script to keep count of your statistics. It’s free, it’s PHP based (so it doesn’t matter whether your visitors have JavaScript enabled or not), it can be included using .htaccess rules, it’s simple to use, etc. Basically it’s a good script to show you basic statistics of your website. However, it’s vulnerable: people can access a modified script URL to include a personal (and probably hostile) script (RFI exploit).

That happened to a client of mine who ended up with a nasty script residing in the BBclone folder. That script added cron jobs that ran some other nasty stuff… Very uncool as you can tell from my unstable server.

I removed those cron jobs, got rid of the hostile files, deleted BBclone and did some other (minor) stuff… The server has been up ever since.

I want to thank everyone who helped out and suggested what to look for. It would’ve taken me ages to figure out those things myself. Seeing as everything is running smoothly, I can get on with what I really wanted to do: New stuff!

