I saw that someone found an exploit this morning in some older wiki software hosted on the webserver for this site and uploaded a emailer php script. This script has been removed along with the software that was exploited. It was being used to send phishing emails to get passwords to a bank website. Most of the emails it sent were bounced back, due to invalid email accounts. The IPs were blocked.

Therefore, a cleanup of websites hosted on here will be done on this weekend Feb 3-5th. Some features of some of the hosted sites might go away if unused and migrations of the sites to new/different software will be performed. Also, some new monitoring utils and firewall rules will be implemented.

Some websites may be unavailable or will be in the progress of being migrated during the weekend. If it’s broke, check back in an hour or two.

Previous Exploit

This server had an issue with an older version of PAM for Linux that was exploited in order to gain access to a low level user. A few files were uploaded, but nothing was modified. I saw that there was high CPU usage and was able to stop the intruder before anything serious was done. The files uploaded were removed and ports closed & IPs blocked. The OS was upgraded to a newer version in order to remove the exploit and to get other patches.