[mythtv-users] Hacked?
Dave Bush
statman at twcny.rr.com
Mon Aug 16 00:51:41 EDT 2004
John Goerzen wrote:
>On Sun, Aug 15, 2004 at 10:54:14PM +0100, Stephen Tait wrote:
>
>
>>Anyone else cocked a snoop at the homepage? Looks like some script kiddy
>>got his hands on it.
>>
>>
>
>Indeed. I would say that caution should be in order, and people
>should not attempt to use any source code downloaded from mythtv.org
>in the past few days until a full audit has been done. That should
>also include CVS, and any sites that people that use mythtv.org have
>access to (since the attacker may have been able to capture their
>passwords).
>
>
I'm not saying that caution shouldn't be taken, but I don't think it's
as serious as you describe.
My guess is some kiddie familiar with PHP-Nuke found the MySQL database
open to the world and inserted his own story. Happened to me on a site I
used to operate for a local jr. hockey team, and it was very simple to
fix. Took longer to make sure MySQL was secure (like five minutes or
less with the Webmin interface) than it did to remove the offending story.
My 00000010 bits, ;)
- Dave
P.S. For those that saw it, am I the only one skeptical that the origin
was really Arabic? If I was in the Taliban I don't think defacing the
MythTV web site would be anywhere near my list of "things to do".
--
Dave Bush - statman at twcny.rr.com <mailto:statman at twcny.rr.com>
There are two seasons in my world - Hockey and Construction
More information about the mythtv-users
mailing list