Looks like the so-called hacking “attempt” on my site a few days ago was successful after all. I thought I had pulled the plug on the hacker by removing the PHP-infested comments they had posted, but it looks like the damage was done as soon as they posted the comment. By posting comments with certain PHP-commands, they were able to upload PHP Shell, a tool you can use to execute commands on a remote web server, even if you can’t have normal telnet-access. Bad.
Anyways, it’s now time for some damage control. All passwords will be changed, PHP Shell will be deleted - that’s a shock. In this process, the site might become a little unstable and throw all kinds of error messages at you.
This post has no feedback yet.
Do you have any thoughts you want to share? A question, maybe? Or is something in this post just plainly wrong? Then please send an e-mail to
vegard at vegard dot net with your input. You can also use any of the other points of contact listed on the About page.
|2002-11-06 13:09 CET|