December 25, 2004
Mysterious Downtime
Merry Xmas! Molten Studios was hacked. No kidding. Actually, the whole server xxxx.moltenstudios.com was hacked. As a result, it was inaccessible between (Dec. 24) 4:56 - (Dec. 24) 5:13 and (Dec. 24) 5:32 - (Dec. 25) 5:22M. Captain’s log:
Dec. 21, 2004. 1:41 PM. I receive an email from [QWK.net : Services] regarding an “Emergency Maintenance”:
QWK.net had a customer implement insecure website code. This customer’s code was compromised. The hacker then had permission to compile some Perl scripts to wage war on the server. There will be a period during the clean up period where server xxxx.qwknetllc.com will not be available to the public while we restore information from tape backup.
Dec. 24, 2004. 4:56 PM. I cannot connect to my website. I check my email. It says: “Account has been suspended because [BLANK]”… No reason is provided. It looks like one of those automated messages.
5:13 PM. I get the email “Account has been resumed”. This only lasts twenty minutes…
5:32 PM. I get another “Account has been suspended” email. Like last time, no reason is provided. I try my website - and it works. But in a few minutes, it stops working again - and this time for “good”. I send a “trouble ticket” to QWK.net.
Dec. 25, 2004. 2:54 AM. I receive another email from [QWK.net : Services] titled “Important security advisory”:
For almost the past 12 hrs we have been dealing with a handful of scripting attacks driven from Google and other sources. These are variants of the original Santy worm that earlier this week took out over 40,000 servers in just a few hours… Even though we are running the latest versions of Apache and PHP, we have also been under attack by a new compromise that is yet to be defined.
Afterword. QWK.net asked customers to upgrade their PHP and Perl scripts to the latest versions. I have upgraded Movable Type to v3.14 - which fixes numerous bugs and security leaks. I have other “heavy duty” code running, but this blog was definitely the center of QWK.net’s attention.
Posted by Oleg Ivrii at December 25, 2004 11:08 PM
Comments
Uh... Oleg, it isn't January yet. Either you are really prophetic or you made a typo.
Posted by: aSo at December 26, 2004 04:22 PM
Thanks, Adrian. Mistake noted - and corrected.
Posted by: Oleg Ivrii at December 26, 2004 04:35 PM
HACKED BY CHINESE!!!
Posted by: Vlad at December 29, 2004 10:04 PM
Hey, watch it, or you'll have an angry Chinese mob (100+ ppl) at your door in no time.
Posted by: Richard Peng at December 31, 2004 12:00 PM
lol more like 10000+
Posted by: Eric C at March 2, 2005 09:26 PM