Well, OK… maybe not. Maybe I was just hacked by someone with a script and a desire to build his bot army. Either way, this site was hacked over the weekend. Yay. I think.
Apparently, there’s a bug in Coppermine (which I happen to use to host the picture gallery) which is currently allowing a scripted hack. This hack inserts an invisible frame into every page that hits some script, the usage of which is not known by me since it was down when I got hacked! I found a lot of good info here about exactly the hack I was hit with, but not much about what it actually does.
So, what did this mean for me? Well, it means those people I promised last week I’d send them email… well, I will this week… promise! I spent a good chunk of yesterday (Sunday) going through my site, securing it and cleaning up hacked pages. It affected every HTML and PHP file that was owned by the user that Apache runs under. Easily fixed; remove write access for the Apache user on all its files… it doesn’t need to write anything anyway!
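An added example, not the author's own script: a small Python audit that walks a web root, flags HTML/PHP files containing an iframe that looks invisible, and reports which of those files the web server user can still write to. The detection patterns and the function names are assumptions, since the post does not show the injected markup.

```python
import os
import re
import stat

# Heuristic for "invisible" frames: 0/1-pixel width or height, or CSS hiding.
# Assumption: the post does not show the injected tag, so these are generic.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
HIDDEN_RE = re.compile(
    r"""\b(?:width|height)\s*=\s*["']?[01](?:px)?["'\s>]"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE,
)
WEB_EXTS = (".html", ".htm", ".php")


def hidden_iframes(text):
    """Return the <iframe> opening tags in text that look invisible."""
    return [t for t in IFRAME_RE.findall(text) if HIDDEN_RE.search(t)]


def audit(docroot, web_uid):
    """Return (path, hidden_tags, writable_by_web_user) for suspicious files."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if not name.lower().endswith(WEB_EXTS):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            # Writable by the web user: it owns the file with u+w set, or the
            # file is world-writable. Group write is not checked here.
            writable = bool(
                (st.st_uid == web_uid and st.st_mode & stat.S_IWUSR)
                or st.st_mode & stat.S_IWOTH
            )
            with open(path, encoding="utf-8", errors="replace") as fh:
                tags = hidden_iframes(fh.read())
            if tags or writable:
                findings.append((path, tags, writable))
    return findings


if __name__ == "__main__":
    import pwd, sys
    # Usage (paths and user name are examples): audit.py /var/www/htdocs apache
    for path, tags, writable in audit(sys.argv[1], pwd.getpwnam(sys.argv[2]).pw_uid):
        print(path, "hidden-iframe" if tags else "-", "writable" if writable else "-")
```

Files reported as writable are the ones a compromised web application could be used to modify again; files reported with a hidden iframe need cleaning or restoring from a known-good copy.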
Unfortunately, at the moment the fixed version of Coppermine (1.4.16) is not yet available through Gentoo’s Portage… so I must either download it myself or wait until it hits Portage. I think I’ll wait; keeps my system nice and clean and easy to work with 🙂
So, if you see anything amiss on the site, PLEASE let me know. I didn’t feel like cleaning up WordPress or Coppermine, so I reinstalled them both on the site then secured them. So things may not be exactly as they were last week… but it ought to be close enough.
And if you visited my site after 9:19am on Saturday morning, make sure you scan for viruses and/or trojans! That’s when the hack hit.
That’s all for this update. End of line.