3 days ago, somebody broke into the SQLite website and
defaced the CVSTrac homepage.  (www.cvstrac.org and www.sqlite.org
share the same machine.)

I do not know how the attacker got in.  The message left
on the homepage of www.cvstrac.org was "Rooted by Russel-Aid".

www.sqlite.org runs a minimal Debian 3.0.  qmail is used for
the mailing list.  CVS is running.  The web server is a custom
implementation running in a chroot jail.  CVSTrac runs in a chroot
jail.  And sshd is running.  There is a private chat server written
in TCL running on an unpublished port. Nothing else. I keep the system
updated at all times with the latest Debian security patches.
In particular, the most recent CVS patches have been installed.

Anybody have any clues how an attacker might have gotten in?
Does anybody have any advice on how best to secure the system?

I'm up to my eyeballs with SQLite version 3 right now.  Anybody
with the time, skills, and inclination to help fix this is
welcomed to volunteer by calling me at the phone number below.

Thanks.
--
D. Richard Hipp -- [EMAIL PROTECTED] -- 704.948.4565

