The post is a little low on details concerning the actual exploit used, but there's pretty massive carnage. Let's hope the admins have offsite backups.
For those who don't know of Astalavista, it was a popular website for "hackers" with relatively low-quality content. It started in 1994, and was one of the first search engines for computer security information. It hosted software exploits, and quickly degenerated into a forum for sharing software cracks, spyware, and virii.
Being a security-related website, you'd expect the owners to be a little more careful, which is why this is interesting.
One strategy that I employ to mitigate this is to have my backup service connect to the production server, rather than the other way around. That way, if your production services are compromised, your backups remain untouched (on a machine that's running no services, behind a firewall, etc., and for all intents and purposes invisible).
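The pull-only arrangement described in the comment above, as an added example that is not the commenter's own code or configuration: the backup host holds the only SSH key, and the production server pins that key to a forced command that permits nothing but a read-only rsync "sender" for a fixed set of directories. The wrapper path, the directory list in ALLOWED_ROOTS, the key material and the cron command in the comments are placeholders chosen for the example.

```sh
#!/bin/sh
# Added example, not code from the thread: a forced-command wrapper that the
# production server installs for the backup host's SSH key, so that the key can
# only run a read-only rsync "sender" for a fixed set of directories. The
# backup host pulls; production never holds credentials for the backup host.
#
# Assumed authorized_keys line on the production server (wrapper path and key
# are placeholders):
#   command="/usr/local/bin/backup-wrapper.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAA... backup@backuphost
#
# Assumed pull command in the backup host's cron (also a placeholder):
#   rsync -a -e 'ssh -i /root/.ssh/backup_key' backup@prod:/srv/www/ /backups/prod/www/

# Directories the backup host is allowed to read (assumption for the example).
ALLOWED_ROOTS="/srv/www /var/lib/mysql-dumps /etc"

# check_command "<SSH_ORIGINAL_COMMAND>"
# Returns 0 only for the command a pulling rsync makes the remote side run:
#   rsync --server --sender <flags> . <path>
# with <path> under an allowed root. Anything else (a push that would write
# into production, an arbitrary shell command, traversal, metacharacters)
# returns 1.
check_command() {
    cmd=$1

    # Must be an rsync server in *sender* mode: that is the read-only direction.
    case "$cmd" in
        "rsync --server --sender "*" . "*) ;;
        *) return 1 ;;
    esac

    # No shell metacharacters or ".." anywhere in the request.
    case "$cmd" in
        *\;*|*\&*|*\|*|*\$*|*\`*|*\(*|*\<*|*\>*|*..*) return 1 ;;
    esac

    # The source path is whatever follows the last " . " token.
    path=${cmd##* . }
    for root in $ALLOWED_ROOTS; do
        case "$path" in
            "$root"|"$root"/*) return 0 ;;
        esac
    done
    return 1
}

# When sshd invokes this as the forced command, run the request only if it passes.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_command "$SSH_ORIGINAL_COMMAND"; then
        # Intentional word splitting into argv; no shell interprets the string.
        exec $SSH_ORIGINAL_COMMAND
    fi
    logger -t backup-wrapper "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

Two caveats a practitioner would want: the rsync distribution ships a more complete wrapper of this kind (`rrsync`, under its support directory), which also vets the individual rsync options rather than just the direction and path; and pulling moves the risk rather than removing it, since the backup host now holds a copy of everything, so it is the machine that must run nothing else and stay unreachable from production.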
How is your offsite backup implemented? Is the data stored on a network drive, or backed up to tape?
Far more interesting was the root escalation exploit. 2.6.18 is a relatively recent kernel, and I haven't heard of exploits publicly disclosing something of that caliber. Has anyone seen anything on securityfocus/bugtraq/milw0rm etc. regarding this?
[P.S. my VM is 32 bits, because VirtualBox has an issue with 64-bit CentOS 5.3 and AMD Phenom IIs: http://www.virtualbox.org/ticket/3927 ]
Thanks for the background info on the site.
1) The Latin plural of a word ending in -us is not -ii; -i at best.
2) 'Virus' doesn't have a Latin plural, because its meaning is like (in the sense of not having a plural) 'sand': it already denotes a multitude.
"Virus" is, however, in the second declension (virus -i n. "slime, poison, goo"), with the oddity of being neutral while having a second declension -us ending, which is normally a feature of masculine nouns. And indeed, its plural would be "viri".
As an amateur Latin geek myself, I agree that "viruses" is proper from a grammar standpoint, but I sided with Wikipedia because I was using computer terminology.
As bad as astalavista is, is it right to reciprocate and trash their server? It seems as if the hacker sunk to their level.
Are there legal ramifications to something like this?
Uh, yeah, of course. Good luck catching them, though.
astalavista.com stole their name to ride on their popularity.
gives a fairly good idea of how to not make the same mistakes, if applicable.
However, since astalavista was the site in question, you will probably be safer to visit after the hack.
Quote: "plaintext passwords? yes, those so called "security professionals" who charge you $6.66 / month to register at their hack-proof portal, save your passwords in plaintext... brilliant!"
dark side of me: I wonder how many of those passwords work to get into those e-mail accounts...
If my assumption is incorrect and no one is interested, I will humbly tuck my metaphoric tail between my legs and refrain from posting such things again.
http://romeo.copyandpaste.info gives an idea about anti-security movement...
btw, this is merely good-quality system maintenance (of course, their backup system is very funny), but this is the very usual way people use Linux and OSS nowadays - no one cares too much, thanks to apt-get and yum and xen.
Linux is mainstream now, nothing special, just stupid, plain activity. It was cool when they migrated from the 2.4 to the 2.6 kernel, or even from glibc 2.1 to 2.2. Today it has lost all its coolness and romance.
Just imagine what is happening in the corporate sector, which hires cheap boys or guys from the third world, like me.