Well, it turns out that the PHP exploits are more frequent than I would’ve guessed. I was surprised to see a /usr/sbin/httpd running on my machine (my machine is Debian and under Debian, Apache runs as /usr/bin/apache) and my CPU usage was pretty high.
Needless to say, I was broken into, but it wasn’t a root compromise. They used a known PHP exploit in phpBB2 to run code as www-data on my machine. No passwords were cracked and no information was retrieved, but they did use my computer resources and I was a little pissed about that. Without stopping the /usr/sbin/httpd process, I brought up Ethereal and found the IRC server and channel that they were sending data to (the program was scanning for machines with known Windows vulnerabilities). So, I fired up BitchX and logged into their chat room. There was only one person (admin status), so I started up a conversation with him. It turns out that he’s a kid in Portugal and (through much copying and pasting from BabelFish) I was able to talk to him and tell him that hacking was illegal in the States and that what he did was punishable in the U.S. with a lengthy stay in prison.
He insisted that in Portugal, it was not illegal because he wasn’t making any money at it.
He eventually stopped talking to me and I removed all of my PHP stuff on my machine and upgraded the stuff that I couldn’t do without. I guess I’ll be writing my own web stuff from now on. The hack didn’t do any damage, but I still don’t like the feeling of someone effectively getting into my computer without my permission.
Oh well, expect to see more custom code on badcheese.com from now on! :)