puppylinux.org hacked into

For your information. I don't know if it can compromise your own system by visiting it, best to stay away.

I have received a few emails about it, but note that I don't have anything to do with maintaining puppylinux.org.

There's a forum thread discussing this:

http://murga-linux.com/puppy/viewtopic.php?t=48695


Posted on 9 Nov 2009, 9:19


Comments:

Posted on 9 Nov 2009, 12:49 by Raffy
Looking for New DNS
Just saw your forum post, Barry. I will look into new DNS for puppylinux.org. Will let you know in 6 hours. Now is 04:45 GMT.


Posted on 9 Nov 2009, 13:22 by Raffy
Done
Thanks for waiting - please check your Forum Inbox.


Posted on 9 Nov 2009, 18:24 by BarryK
New DNSs
Raffy,
Ok, done. I sent you a pm also.

To everyone, give it 12 hours or so, to ripple through the Internet, and puppylinux.org should be right again. But, I don't know what Raffy's plans are regarding uploading stuff to the new site.

Apparently one of the PHP scripts has a security flaw, so that would need to be fixed so that it doesn't happen again.



Posted on 9 Nov 2009, 19:11 by Raffy
Factors
Site is up again, Barry, thanks.

With Drupal already retired, there will be less scripts so it should be easier to spot problems.

There was also a coincidence: Hostgator announced a reboot of the site (a kernel update) in the evening of Nov 4 (morning of Nov 5 in Perth/Manila). Soon after, index.php became inaccessible and the problem progressed to an uncontrolled security situation.

Wikka wiki is taking time to be restored because of its large database.


Posted on 10 Nov 2009, 4:35 by 8-bit
Site hacked again!
As of the time of posting this message, puppylinux.org has bee hacked again.
It is showing a full page of under age girls in various states of undress.
If this cannot be fixed, I think the site should be locked or blanked till it is.
There are legal implications to look at here.


Posted on 10 Nov 2009, 8:05 by Raffy
No control
As of the times given above (Barry's post and mine), I no longer have control of the old server. But before the server switch, the old server was showing only a notice that the server was having problems. I also changed the CPanel password when I posted that notice.


Posted on 10 Nov 2009, 10:13 by BarryK
Hostgator access
Raffy,
You can still access the old Puppy site at hostgator, if the account is still active.
Hostgator provides an alternative URL.

There are two ways. My hostgator account has a fixed IP address. There is also a URL using hostgator.com that will point at the puppylinux.org site.

So it is possible to clean it out then reupload then view the result.

Recommendation: wipe everything, then change the password again.



Posted on 10 Nov 2009, 10:18 by BarryK
omnis.com
Hey, here's another host that uses load-balanced servers, very cheap:

http://www.omnis.com/

...I don't have any personal experience of their hosting service, this is just posted in case it is of interest to anyone.