[mythtv-users] pcHDTV.com defaced AGAIN
Anthony Vito
anthony.vito at gmail.com
Wed Dec 22 15:58:05 UTC 2004
> The fix is to upgrade php itself to a non-vulnerable version I believe.
>
> Google are supposed to have blocked the search that the worm was using
> to spread itself though.
Probably not something to bet the house on. Anyone could still
manually exploit the security hole as well..... I haven't seen any
change from the server yet.... like... a basic firewall....
]# nmap -sS pchdtv.com
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-12-22 10:51 EST
Interesting ports on powell.slcinet.net (128.121.217.18):
(The 1635 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
79/tcp open finger
80/tcp open http
106/tcp open pop3pw
110/tcp open pop-3
119/tcp open nntp
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
513/tcp open login
514/tcp open shell
587/tcp open submission
990/tcp open ftps
992/tcp open telnets
993/tcp open imaps
995/tcp open pop3s
2401/tcp open cvspserver
3306/tcp open mysql
5190/tcp open aol
I haven't seen an internet server this unsecure since the Helsinki
incident of 1919, and I think we all know how that turned out.
--
Anthony Vito
anthony.vito at gmail.com
More information about the mythtv-users
mailing list