[Tfug] Hackers Attack House Web Sites hosted on Linux
Choprboy
choprboy at dakotacom.net
Fri Jan 29 13:03:48 MST 2010
On Friday 29 January 2010 12:08, Louis Taber wrote:
> Hi,
>
> Looking at the list of sites provided by CBS attacked after the State of
> the Union address all of them that I checked with Netcraft were running
> Linux. Does anyone know what exploit was used? - Louis
"All of them" being the same single server "dcserver1.house.gov" at
143.228.239.211. All the sites have the same templated format.. so it looks
like a standard CMS of some sort. They seem to have scrubbed the standard
HTML source comments though... Dig dig dig.. Hmm, yep they are running Joomla
(possibly Mambo, they share some of the same backend modules)...
My guess is yet-another-<CMS> exploit. There seems to only be one input source
on the publically linked pages, an email signup, so it could an input
filtering issue there, but I would guess not. Its probably an exploitable
module left running (though not linked to anywhere so forgotten about),
probably something stupid like a forum module or shopping cart that has never
been updated.
Adrian
More information about the tfug
mailing list