Re: [Jack-Devel] Fwd: Re: jackaudio.org website shut down due to hacking
On Mon, Jun 2, 2014 at 3:45 AM, Graham Goode <[hidden]> wrote:
> And if you didn't, here is the WayBackTime Machine's backup from
> February 2014...
>
If the issue was just backups, it wouldn't have been much of an issue. But
when I read the break-in/exploit code, it was clear that the people
responsible had either already modified SQL tables or had the capacity too.
Dreamhost makes it more or less impossible to run the web server as
different user from the owner of static files, and in a case of poor system
admin, the same SQL user is used for DB access as for DB creation.
So having access to the files/pages/drupal nodes is one thing (we still
have/had that before the hack, they just added pharma spam), but the site
was fundamentally unsafe because there is no way of knowing what they put
into the DB, or how long ago this crack was added.
--p
1401713659.24151_0.ltw:2, <CAFa_cKnLVjwUpffJRc=rYs8vmge70N3_vcSA44iNnYkZUFFKxA at mail dot gmail dot com>