[mythtv-users] pcHDTV.com defaced AGAIN
Maarten
mythtv at ultratux.org
Wed Dec 22 16:29:52 UTC 2004
On Wednesday 22 December 2004 16:58, Anthony Vito wrote:
> > The fix is to upgrade php itself to a non-vulnerable version I believe.
> >
> > Google are supposed to have blocked the search that the worm was using
> > to spread itself though.
>
> Probably not something to bet the house on. Anyone could still
> manually exploit the security hole as well..... I haven't seen any
> change from the server yet.... like... a basic firewall....
>
> ]# nmap -sS pchdtv.com

Brrrrrr. I hope your scanner doesn't work, or maybe it's not real services
you're seeing but some sort of an intrusion detection system...
If not, this is one terribly insecure server, even if only from a theoretical
point of view ("Only allow services that are really needed").

Eeeeew. Especially the following have NO reason to be open to the world:
> 23/tcp open telnet
> 79/tcp open finger
> 139/tcp open netbios-ssn
> 513/tcp open login
> 514/tcp open shell
> 3306/tcp open mysql

And these, I've never even heard about. And I DO know a lot of ports...
> 587/tcp open submission
> 5190/tcp open aol
> I haven't seen an internet server this unsecure since the Helsinki
> incident of 1919, and I think we all know how that turned out.

Eh ? 1919 ?? Which internet are you speaking of...? ;-)

Maybe... There could be another reason all these ports are open; a full
root-level host compromise. But then you'd expect someone to unplug this
mess from the net rather quickly...

Maarten
--
Linux: Because rebooting is for adding hardware.
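
The "only allow services that are really needed" check from the message above, written as a repeatable audit for a host you administer. This is an added example, not part of the original post: the allowlist, the function names, and the last two sample rows are assumptions made for illustration, while the other rows are the port lines quoted in the message.

```python
import re

# Assumption: the only services this host is meant to expose publicly.
PUBLIC_ALLOWLIST = {("tcp", 80), ("tcp", 443)}

# One row of nmap's port table, e.g. "23/tcp open telnet".
# Leading "> " mail-quote markers are tolerated so a pasted reply can be audited.
ROW = re.compile(r"^(?:>\s*)*(\d{1,5})/(tcp|udp)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_port_table(text):
    """Return one dict per port-table row; non-table lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            port, proto, state, service = m.groups()
            rows.append({"port": int(port), "proto": proto,
                         "state": state, "service": service or "unknown"})
    return rows

def unexpected_open(rows, allowlist=PUBLIC_ALLOWLIST):
    """Rows that are reachable but not on the allowlist.

    "open|filtered" is treated as open: for an exposure audit it is safer
    to review an ambiguous port than to skip it.
    """
    return [r for r in rows
            if r["state"].startswith("open")
            and (r["proto"], r["port"]) not in allowlist]

# Port lines as quoted in the message, plus two constructed rows (80, 8080).
SAMPLE = """\
> 23/tcp open telnet
> 79/tcp open finger
> 139/tcp open netbios-ssn
> 513/tcp open login
> 514/tcp open shell
> 3306/tcp open mysql
80/tcp   open   http
8080/tcp closed http-proxy
"""

if __name__ == "__main__":
    for r in unexpected_open(parse_port_table(SAMPLE)):
        print(f'{r["port"]}/{r["proto"]} ({r["service"]}) is open but not allowlisted')
```
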