It is possible the hacker got one available port in the box, a user
account, or he/she has a backdoor in that box, something like that....
At 09:47 jhay-ar 7/3/01 +0800, you wrote:
>
>On Mon, 2 Jul 2001, Pablo Manalastas wrote:
>
>>
>> The Phil. Daily Inquirer reported today (InfoTech section) that the
>> GMA-7 website was defaced by a hacker last Wednesday. The news article
>> also reports that the website is hosted by inter.net
>> (Contreras/Paras/etc.). A check of the website
>> http://www.gmanetwork.com/ showed that the site is running Apache
>> 1.3.6/modperl 1.21/modssl 2.2.8/openssl 0.9.2b on Linux. Testing ssl
>> on port 443 produced an error (bad SSL server certificate?). Could
>> this error be the cause of the security hole? Does anyone know the
>> details? Could modperl be the culprit? (Orly will get angry about this.)
>>
>
>I have the GMA website's server right here next to me. It used to run
>Apache on Solaris, but apparently how they defaced it was a helluvalot
>simpler than a security hole. We had a good look and it turns out that
>SOMEONE'S PASSWORD GOT STOLEN. !@#!$@#%@!!!! TELNET LUSERS!!!!
>
>We are now in the process of having a full security audit of all our major
>systems.
>
>By the way, the GMA website is not running on the original box. That
>server which you've probed is where we temporarily relocated their website
>while we perform hardening of the box and do a thorough check of the
>system.
>
>--
>Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311
>Programmer, InterdotNet Philippines +63(917) 4458925
>http://dido.engr.internet.org.ph/
>
>
>_
>Philippine Linux Users Group. Web site and archives at
>http://plug.linux.org.ph
>To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
>To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
>