It looks like you were not the only person to have their webserver hacked <http://66.102.7.104/search?q=cache:qDRaYAsLJUAJ:zone-h.com/defacements/onhold+russel-aid&hl=en&ie=UTF-8>. Since you are running an "atypical" web server, chances are the cracker got in with either a Linux root kit, a ssh flaw, or a CVS flaw (Linux and CVS have security alerts that were sent out in the last 10 days or so).
The only other reference I found of Russel-l-Aid was this Italian site <http://translate.google.com/translate?hl=en&sl=it&u=http://www.glesius.it/forum/topic.asp%3FTOPIC_ID%3D1426%26ARCHIVE%3D&prev=/search%3Fq%3Drussel-aid%26start%3D10%26hl%3Den%26lr%3D%26ie%3DUTF-8%26safe%3Doff%26sa%3DN>. Louis --- "D. Richard Hipp" <[EMAIL PROTECTED]> wrote: > 3 days ago, somebody broke into the SQLite website > and > defaced the CVSTrac homepage. (www.cvstrac.org and > www.sqlite.org > share the same machine.) > > I do not know how the attacker got in. The message > left > on the homepage of www.cvstrac.org was "Rooted by > Russel-Aid'. > > www.sqlite.org runs a minimal Debian 3.0. qmail is > used for > the mailing list. CVS is running. The web server > is a custom > implementation running in a chroot jail. CVSTrac > runs in a chroot > jail. And sshd is running. There is a private chat > server written > in TCL running on an unpublished port. Nothing else. > I keep the system > updated at all times with the latest Debian security > patches. > In particular, the most recent CVS patches have been > installed. > > Anybody have any clues how an attacker might have > gotten in? > Does anybody have any advice on how best to secure > the system? > > I'm up to my eyeballs with SQLite version 3 right > now. Anybody > with the time, skills, and inclination to help fix > this is > welcomed to volunteer by calling me at the phone > number below. > > Thanks. > -- > D. Richard Hipp -- [EMAIL PROTECTED] -- 704.948.4565 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > __________________________________ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
