[HCS-D] Albanian Hackers

Steven Michael Melendez melend at fas.harvard.edu
Fri Jul 15 11:29:59 EDT 2005


Judging by the user-agent string (XML-RPC Exploit R/0.1), this is what we
were attacked with.

They went after a vulnerability in the Harvard Dems "Civicspace" site, so
I chmoded the ~dems/civicspace site non-readable, non-executable. I will
email the dems, and tell them to upgrade, since, from the Civicspace site,
it appears the vulnerability is this one
in the Drupal code used in Civicspace. Civicspace claims their newest
version addresses this issue.


On Fri, 15 Jul 2005, Steven Michael Melendez wrote:

> Hi everyone,
> I moved the page put up by the "Albanian Hackers" to albania.htm, and
> moved their php shell script out of the HTML directory. I put up an old
> version of our index.html from archive.org as a temporary measure.
> Unfortunately, they seem to have deleted the entire ~www/html directory.
> Does someone have their own copy (maybe Ivan, since you were working on
> the page?)
> Was there already discussion of this on another mailing list? I'm sorry if
> I interfered with what someone else was doing about the problem.
> Steve
> _______________________________________________
> hcs-discuss mailing list
> hcs-discuss at lists.hcs.harvard.edu
> http://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss
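
Added example, not part of the original messages: one way to triage a web server access log for the user-agent string quoted above, then list every other request from the same client addresses, since follow-up requests may carry an ordinary browser user-agent. It assumes Apache "combined" log format; the log lines, addresses and paths are constructed sample data.

```python
import re
from collections import defaultdict

# Assumed format: Apache "combined" access log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# User-agent string quoted in the message above.
EXPLOIT_AGENT = "XML-RPC Exploit R/0.1"

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Jul/2005:03:12:01 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Jul/2005:03:14:22 -0400] "POST /~dems/civicspace/xmlrpc.php HTTP/1.0" 200 312 "-" "XML-RPC Exploit R/0.1"
203.0.113.7 - - [15/Jul/2005:03:15:40 -0400] "GET /example-dropped-file.php HTTP/1.1" 200 88 "-" "Mozilla/4.0"
this line is malformed and must be skipped
198.51.100.4 - - [15/Jul/2005:03:20:05 -0400] "GET /albania.htm HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

def parse(lines):
    """Yield one dict per well-formed log line; skip lines that do not parse."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def triage(log_text, agent=EXPLOIT_AGENT):
    """Return {ip: [(time, request, user_agent), ...]} for each client that
    sent `agent` at least once, including its requests under other agents."""
    entries = list(parse(log_text.splitlines()))
    flagged = {e["ip"] for e in entries if agent in e["agent"]}
    activity = defaultdict(list)
    for e in entries:
        if e["ip"] in flagged:
            activity[e["ip"]].append((e["time"], e["request"], e["agent"]))
    return dict(activity)

if __name__ == "__main__":
    for ip, requests in triage(SAMPLE_LOG).items():
        print(ip)
        for when, request, ua in requests:
            print(f"  {when}  {request!r}  ua={ua!r}")
```
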
