lists.aq.org and polyboston.org temporarily down

Beowabbit

Now mostly on Facebook (and rarely caught up even there)

9th-Jan-2011 12:19 pm

Hi. This does NOT affect my personal mail, or the personal mail of other individuals with @aq.org addresses.

lists.aq.org and polyboston.org are temporarily down due to a breakin. Unfortunately I wasn’t able to spend the time to fix things when I found out so I just shut the server down. I’ll be able to look at it tonight and I’m pretty sure I’ll at least be able to get the mailing lists (if not the full polyboston.org web site) up fairly quickly.

(This was an oversight on my part; the breakin was due to a known vulnerability that I fixed systematically on my physical servers at home but neglected to fix on my colocated virtual server.)

Tags:psa, tech

Comments

9th-Jan-2011 08:56 pm (UTC)

chienne_folle

Ick. Sorry you have this to deal with!

10th-Jan-2011 07:14 am (UTC)

beowabbit

Thanks! Have made enough progress to go to bed.

14th-Jan-2011 09:03 pm (UTC)

darxus

What vulnerability?

19th-Jan-2011 03:41 pm (UTC)

beowabbit

I don’t have the CVE links handy, but an Exim vulnerability that allows a very long header to write to any place Exim can write to, and then invoke Exim with the resulting file as a config file -- so essentially it gets you remote root. I haven’t done forensics yet on the old image, but what called my attention to it was segfaults in normal commands called out of cron, so there was clearly a rootkit on it.

19th-Jan-2011 06:12 pm (UTC)

darxus

Ewww. Thanks. I'm... displeased that I managed to not be aware of that.

The first several hits here are relevant: http://www.google.com/search?q=exim+vulnerability

And: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2023

I had even opened the email from debian-security-announce about it, but apparently haven't been paying enough attention to them.

Leave a Comment to the Entry

This page was loaded Apr 25th 2019, 4:04 pm GMT.

Log in