Shell infect as well
My enjoyment of this article was severely reduced by an annoying advert for Shell hovering over the text, and which appears to have no way of closing/removing it.
Adverts I can cope with, but this kind are unacceptable to me.
UK-based web host Daily has largely restored services following an apparent hack attack on Thursday that replaced content on some sites it hosts with pictures of cartoon penguins. The images of Linux penguin Tux parodied the 'hear/see/speak no evil' monkeys. Text included on the defacements claimed the hack in the name of ' …
It heralds a Chinese cyber WAR followed by an INVASION! Hacking unpatched PHP is just the up front invasion!
Just look at my SSH logs as proof, invaders attacking my root!:
204.232.136.233 .... rackspace US
202.99.122.230 .... china
79.171.35.140 ....InternetEngineeringAS Manchester
61.167.60.244 ...Harbin China
242-231-13-72.static.cosmoweb.net .... Newyork
95.168.183.133 .... Berlin
113.105.145.29 ... Guangdong China
216.219.239.160 ... cubetechnology.net
etc. etc.
If I was a paranoid military person, I'd be forced to cyber nuke these computers!
But then again, I'll probably just contact their admin on Monday and tell them to clean up their hijacked servers and add their subnets to the block list.
(Or I could pay $28 million to some weapons company to buy log analysis software and pretend I'm not an idiot wasting money without having a clue).
NOPE! Cybernuking is the ANSWER! DIE TUX DIE!
;-)
C, Java and Perl, not the most secure coding systems around, all of which are inherent in PHP. Anyone with any knowledge of server side scripting will have no problem defacing this again in the future, only thing to be sure, it wasn't a 13 yr old script kiddie this time, probably just a wee bit beyond your average American Inbred offspring.
This is a joke right? Insecure PHP apps and the inability to bind values to SQL queries is one of the basic infection vectors into many web servers.
OTOH Perl apps provide the ability to bind values by default - it is clueless wannabes who ignore the and fail to use strict, tainting etc.
IMHO PHP is insecure by design - Perl code is insecure because of incompetent coders...
Wow, totally uninformed post there. Apps in ANY language can be insecure, that doesn't make PHP insecure by extension. PHP does allow prepared statements and thus values to be bound in queries (and has done for years) so I've no idea what you are talking about (and neither have you).
a very vocal minority keeps telling us that Linux / Open Source is more secure / robust / better than Windows for hosting... yet this is yet another report of a mass hack on a Linux based, Open Source powered platform ...
of course the same very vocal minority are great at spreading fear uncertainty and doubt whenever there's a rumor of a Windows vulnerability but are quick to downplay and hide under the carpet issues like this...
Shame that a small group of muppets choose to attack their own.
We're talking about teh intawebs here - the LAMP stack is hardly "minority".
For web hosting you'd be hard pushed to beat a FreeBSD server mind - especially when it comes to scalable robustness.
There have been a few mass-attacks in recent months that seem to have gotten in via FTP and if, as it appears, index.php files have been replaced this is quite possibly the same attack vector - although yes, it could be done via a PHP injection (file_put_contents()) type attack - depending on how the server was configured.
Possibly you know PHP for integrating into HTML, so I understand your questioning, but yes, C, Java and Perl are all inherent in PHP. In fact PHP was coded in C by Ramond Lerdorf in 1994, and contains elements still of C, Java and Perl to make it scriptable for HTML. I hope that clears that up for you. Perhaps you may like to compare much of the syntax in C, Java, Perl and PHP to see for yourself if you still don't believe. This is why although PHP may be in use on an estimated 13% of servers, it is easily the most hackable language, requiring no actual in-depth specific understanding of any of them, beyond coding script.