[HCS-D] Albanian Hackers

Steven Michael Melendez melend at fas.harvard.edu
Fri Jul 15 11:29:59 EDT 2005


Ok,

Judging by the user-agent string (XML-RPC Exploit R/0.1), this is what we
were attacked with.
http://addict3d.org/index.php?page=viewarticle&type=security&ID=4371

They went after a vulnerability in the Harvard Dems "Civicspace" site, so
I chmoded the ~dems/civicspace site non-readable, non-executable. I will
email the dems, and tell them to upgrade, since, from the Civicspace site,
it appears the vulnerability is this one
http://www.nessus.org/plugins/index.php?view=single&id=18640
in the Drupal code used in Civicspace. Civicspace claims their newest
version addresses this issue.

Steve

On Fri, 15 Jul 2005, Steven Michael Melendez wrote:

> Hi everyone,
>
> I moved the page put up by the "Albanian Hackers" to albania.htm, and
> moved their php shell script out of the HTML directory. I put up an old
> version of our index.html from archive.org as a temporary measure.
>
> Unfortunately, they seem to have deleted the entire ~www/html directory.
> Does someone have their own copy (maybe Ivan, since you were working on
> the page?)
>
> Was there already discussion of this on another mailing list? I'm sorry if
> I interfered with what someone else was doing about the problem.
>
> Steve
> _______________________________________________
> hcs-discuss mailing list
> hcs-discuss at lists.hcs.harvard.edu
> http://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss
>


More information about the hcs-discuss mailing list