Aug. 16th, 2009

hacked

Aug. 16th, 2009 12:27 pm
johnridley: (Default)
The sites on the coloc box I share with a friend got hacked sometime in the last day or two. Fortunately they just replaced index.html. They may have looked around a bit but I don't keep anything I much care about up there.

I do need to get around to keeping rotating backups; I rsync down to a local copy nightly but don't rotate it. I knew that was not terribly smart but never got round to fixing it, since it's not like there's anything terribly critical up there. Still, it'd be a pain to deal with.

The index.html they wrote says "HACKED BY Darkdevil'Z tiM // TRGHOST"

Anyone got an idea how these guys typically get in? It's a Linux/Apache box, with PHP and MySQL. I'm a bit suspicious of PHPWiki myself; I've had trouble with it getting comment spammed before. Comment spamming is a different thing but I'm not sure how confident I am in PHPWiki's tightness anyway.
johnridley: (Default)
yoinked from metafilter, modified a bit, stuck into a cron on my machine:

cd /home/jrr/sites/monitor; curl -s http://www.hauntedfrog.com | md5sum | tee hfnew | diff -q - hfold || echo 'hauntedfrog.com has changed' | mail -s 'IT CHANGED!' ridley.john@gmail.com && mv hfnew hfold

MD5s the pulled webpage, sends an email if it changes. Repeat for multiple web pages. Doesn't work for one of my sites which has a homepage that changes every reload, but will wake me up if the same thing happens again.
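
An added example (not part of the original post or the MetaFilter snippet) of the same check extended to a homepage that changes on every reload and to a failed fetch. It assumes the site owner wraps the per-reload parts of the page in `<!-- volatile -->` / `<!-- /volatile -->` marker comments, each on its own line; the function names, state-file path, URL and mail address are hypothetical, and sha256sum stands in for md5sum.

```shell
#!/bin/sh
# Added example, not the original cron line. Assumed convention: volatile
# page regions sit between marker comments, each on its own line:
#   <!-- volatile -->  ...  <!-- /volatile -->

# normalize: HTML on stdin -> HTML with the volatile regions removed.
normalize() {
    sed -e '/<!-- volatile -->/,/<!-- \/volatile -->/d'
}

# page_digest: HTML on stdin -> hex SHA-256 of the normalized page.
page_digest() {
    normalize | sha256sum | cut -d' ' -f1
}

# check_page STATE_FILE: page body on stdin. Prints one status word:
#   baseline      first run, digest recorded
#   unchanged     digest matches the recorded baseline
#   changed       digest differs; baseline kept, new digest in STATE_FILE.new
#   fetch-failed  empty body (e.g. curl error), baseline untouched
check_page() {
    state=$1
    body=$(cat)
    if [ -z "$body" ]; then
        echo fetch-failed
        return 0
    fi
    new=$(printf '%s\n' "$body" | page_digest)
    if [ ! -f "$state" ]; then
        printf '%s\n' "$new" > "$state"
        echo baseline
    elif [ "$new" = "$(cat "$state")" ]; then
        echo unchanged
    else
        printf '%s\n' "$new" > "$state.new"
        echo changed
    fi
}

# Constructed sample page: $1 is the per-reload part, $2 the stable body.
sample_page() {
    printf '<html>\n<!-- volatile -->\n<p>%s</p>\n<!-- /volatile -->\n<h1>%s</h1>\n</html>\n' "$1" "$2"
}

# Cron usage (URL and address are placeholders):
#   s=$(curl -s --fail https://example.com/ | check_page /var/tmp/site.sha256)
#   [ "$s" != changed ] || echo "example.com changed" | mail -s 'IT CHANGED!' you@example.com
```

Anything between the markers is not monitored, so keep those regions as small as possible. Because the baseline is kept on a change, the alert repeats on every run until the page is restored or `STATE_FILE.new` is reviewed and moved over the baseline.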
