[mythtv-users] pcHDTV.com defaced AGAIN

Maarten mythtv at ultratux.org
Wed Dec 22 16:29:52 UTC 2004


On Wednesday 22 December 2004 16:58, Anthony Vito wrote:
> > The fix is to upgrade php itself to a non-vulnerable version I believe.
> >
> > Google are supposed to have blocked the search that the worm was using
> > to spread itself though.
>
> Probably not something to bet the house on. Anyone could still
> manually exploit the security hole as well..... I haven't seen any
> change from the server yet.... like... a basic firewall....
>
> ]# nmap -sS pchdtv.com


Brrrrrr.  I hope your scanner doesn't work, or maybe it's not real services 
you're seeing but some sort of an intrusion detection system...
If not, this is one terribly insecure server, even if only from a theoretical 
point of view ("Only allow services that are really needed").
Eeeeew.  Especially the following have NO reason to be open to the world:

> 23/tcp   open  telnet
> 79/tcp   open  finger
> 139/tcp  open  netbios-ssn
> 513/tcp  open  login
> 514/tcp  open  shell
> 3306/tcp open  mysql

And these, I've never even heard about.  And I DO know a lot of ports...

> 587/tcp  open  submission
> 5190/tcp open  aol

> I haven't seen an internet server this unsecure since the Helsinki
> incident of 1919, and I think we all know how that turned out.

Eh ? 1919 ??   Which internet are you speaking of...?  ;-)

Maybe... There could be another reason all these ports are open; a full 
root-level host compromise.  But then you'd expect someone to unplug this 
mess from the net rather quickly...

Maarten

-- 
Linux: Because rebooting is for adding hardware.
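
The "only allow services that are really needed" check from the message above, as an added example that is not part of the original post: it parses nmap-style port rows and reports every open port outside an allowlist. The allowlist (22, 80, 443) is an assumed policy for a public web host, and the 22, 80 and 111 rows in the sample are constructed; the other rows are the ones quoted in the message.

```python
import re

# Assumed policy (not from the post): the only ports this host should expose.
ALLOWED = {("tcp", 22), ("tcp", 80), ("tcp", 443)}

# An nmap normal-output port row, with or without a mail quote prefix ("> ").
PORT_ROW = re.compile(r"^(?:>\s*)*(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")

# Sample input: rows quoted in the message plus three constructed rows.
SAMPLE = """\
> 22/tcp   open  ssh
> 23/tcp   open  telnet
> 79/tcp   open  finger
> 80/tcp   open  http
> 111/tcp  filtered rpcbind
> 139/tcp  open  netbios-ssn
> 513/tcp  open  login
> 514/tcp  open  shell
> 587/tcp  open  submission
> 3306/tcp open  mysql
> 5190/tcp open  aol
"""

def parse_ports(text):
    """Return one dict per port row; lines that are not port rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = PORT_ROW.match(line.strip())
        if not m:
            continue
        port = int(m[1])
        if not 1 <= port <= 65535:
            continue  # not a valid port number, so not a real port row
        rows.append({"port": port, "proto": m[2], "state": m[3], "service": m[4]})
    return rows

def unexpected_exposures(text, allowed=ALLOWED):
    """Open ports (including open|filtered) that the allowlist does not cover."""
    return [
        r for r in parse_ports(text)
        if r["state"].split("|")[0] == "open" and (r["proto"], r["port"]) not in allowed
    ]

if __name__ == "__main__":
    for r in unexpected_exposures(SAMPLE):
        print(f'{r["port"]}/{r["proto"]} ({r["service"]}) is open but not in the allowlist')
```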


