[mythtv-users] pcHDTV.com defaced AGAIN

Anthony Vito anthony.vito at gmail.com
Wed Dec 22 15:58:05 UTC 2004


> The fix is to upgrade php itself to a non-vulnerable version I believe.
> 
> Google are supposed to have blocked the search that the worm was using
> to spread itself though.

Probably not something to bet the house on. Anyone could still
manually exploit the security hole as well..... I haven't seen any
change from the server yet.... like... a basic firewall....

]# nmap -sS pchdtv.com
 
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-12-22 10:51 EST
Interesting ports on powell.slcinet.net (128.121.217.18):
(The 1635 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
25/tcp   open  smtp
79/tcp   open  finger
80/tcp   open  http
106/tcp  open  pop3pw
110/tcp  open  pop-3
119/tcp  open  nntp
139/tcp  open  netbios-ssn
143/tcp  open  imap
443/tcp  open  https
513/tcp  open  login
514/tcp  open  shell
587/tcp  open  submission
990/tcp  open  ftps
992/tcp  open  telnets
993/tcp  open  imaps
995/tcp  open  pop3s
2401/tcp open  cvspserver
3306/tcp open  mysql
5190/tcp open  aol


I haven't seen an internet server this unsecure since the Helsinki
incident of 1919, and I think we all know how that turned out.


-- 
Anthony Vito
anthony.vito at gmail.com


More information about the mythtv-users mailing list