[CentOS] an actual hacked machine, in a preserved state

Mon Jan 2 02:10:01 UTC 2012
Bennett Haselton <bennett at peacefire.org>

On Sun, Jan 1, 2012 at 6:03 PM, Fajar Priyanto <fajarpri at arinet.org> wrote:

> On Mon, Jan 2, 2012 at 9:33 AM, RILINDO FOSTER <rilindo at me.com> wrote:
> > The script in question is an exploit from a web board which is
> > apparently designed to pull outside traffic. If you had SELinux, it would
> > put httpd in its own context and by default, it will NOT allow connections
> > from that context to another. You have to enable it with:
>
> The only time my server got hacked was because of phpBB. Using
> cross-site scripting, the hacker managed to put a pl file and when I
> ran it, it opened a console.
> Apparently you are running one of the web boards.
>

I'm not running phpBB or vBulletin.  The script apparently runs on machine
X to attack a *different* machine Y where machine Y has vBulletin installed
on it.


> Please follow up on any
> security advisories of that product and any addon/module closely.
>
> If you are really curious how yours got hacked, you can set up a similar
> system and put a bounty (maybe $1000) in one of the underground
> communities for anyone to hack it and tell you how they do it.

Is there a non-"underground" place to post such requests?  It's not illegal
to offer a bounty to someone for finding a security hole in your system --
Facebook, Google, and Mozilla all do it.

Bennett