December 25, 2004

Mysterious Downtime

Merry Xmas! Molten Studios was hacked. No kidding. Actually, the whole server xxxx.moltenstudios.com was hacked. As a result, it was inaccessible between (Dec. 24) 4:56 - (Dec. 24) 5:13 and (Dec. 24) 5:32 - (Dec. 25) 5:22M. Captain’s log:

Dec. 21, 2004. 1:41 PM. I receive an email from [QWK.net : Services] regarding an “Emergency Maintenance”:

QWK.net had a customer implement insecure website code. This customer’s code was compromised. The hacker then had permission to compile some Perl scripts to wage war on the server. There will be a period during the clean up period where server xxxx.qwknetllc.com will not be available to the public while we restore information from tape backup.

Dec. 24, 2004. 4:56 PM. I cannot connect to my website. I check my email. It says: “Account has been suspended because [BLANK]”… No reason is provided. It looks like one of those automated messages.

5:13 PM. I get the email “Account has been resumed”. This only lasts twenty minutes…

5:32 PM. I get another “Account has been suspended” email. Like last time, no reason is provided. I try my website - and it works. But in a few minutes, it stops working again - and this time for “good”. I send a “trouble ticket” to QWK.net.

Dec. 25, 2004. 2:54 AM. I receive another email from [QWK.net : Services] titled “Important security advisory”:

For almost the past 12 hrs we have been dealing with a handful of scripting attacks driven from Google and other sources. These are variants of the original Santy worm that earlier this week took out over 40,000 servers in just a few hours… Even though we are running the latest versions of Apache and PHP, we have also been under attack by a new compromise that is yet to be defined.

Afterword. QWK.net asked customers to upgrade their PHP and Perl scripts to the latest versions. I have upgraded Movable Type to v3.14 - which fixes numerous bugs and security leaks. I have other “heavy duty” code running, but this blog was definitely the center of QWK.net’s attention.

Posted by Oleg Ivrii at December 25, 2004 11:08 PM


Uh... Oleg, it isn't January yet. Either you are really prophetic or you made a typo.

Posted by: aSo at December 26, 2004 04:22 PM

Thanks, Adrian. Mistake noted - and corrected.

Posted by: Oleg Ivrii [TypeKey Profile Page] at December 26, 2004 04:35 PM


Posted by: Vlad at December 29, 2004 10:04 PM

Hey, watch it, or you'll have an angry Chinese mob (100+ ppl) at your door in no time.

Posted by: Richard Peng at December 31, 2004 12:00 PM

lol more like 10000+

Posted by: Eric C at March 2, 2005 09:26 PM

   Copyright © 2004-2005 Oleg Ivrii, Licensed under: Creative Commons.