Okay, that last post was actually sent before we rebooted (Carl, you wanna set up a monitor on the managers daemon like the fudge daemon one?) and now we've looked a little more thoroughly. Here's what happened.

Today I happened to peek at the Phoenyx' access logs and wondered "Hey, how come we're getting a lot of SQL injection attempts? TWiki doesn't even *use* SQL!" (As it turned out, it was a Perl backtick exploit. Same thing, only even stupider on the programmer's part.) And, of course, they were more than just attempts, they were *successful* attempts.

Apparently, aside from an IRC bot, nobody managed to set up anything significant (we apparently don't have any kernel exploits), but we could be wrong, if someone actually hid their tracks (the ones who set up backdoors (to nowhere) and whatnot didn't, being skr1pt k1dd1es). Whew. Still, if we weren't already moving to the new box, we'd be rebuilding clean. We're moving the schedule up a bit on that, too, which should be... interesting.

So now in addition to Carl (who was, coincidentally, about a week behind in BUGTRAQ, though the Fudge wiki actually had an attack a few days earlier), I'm subscribed to BUGTRAQ. Like I have time for that any more than Carl does.

Anybody want to help out with that sort of thing in the future? Mostly it would mean being aware of what we're running (and what version) and keeping an eye out for announcements and whatnot, unless someone wants to actually try playing blackhat. Especially with Gamehawk code. I *know* Firehawk would be relatively easy to exploit, but as with www-data there shouldn't be *too* much that can be done (aside from running spam zombies, which is bad enough) from that access level. But I've learned a great deal about Perl and security in the meantime, and I'd like to have somebody looking for loopholes in the code *before* I publish it to the big world...
--
--------------------------------------------------------------
Game(s): The Whole Phoenyx
Listowner tools are found at http://www.phoenyx.net/listowners/

