icculus.org hacked


Icarus
06-24-2003, 05:49 PM
If anyone has a project hosted at www.icculus.org make sure you have good backups...

In case you don't want to read what icculus put up as a response (kind of vulgar) and it's fixed, here's an edited version:

We got hacked. It's under control, but the ****s***er tagged us during the WWDC keynote, when I was otherwise occupied. We have cleaned up, except we need to replace some vandalized HTML from backup and upgrade some software before the webserver can go back up. Email and other services are working.

For the record, it looks like he used a PHP exploit to execute a file which locally exploited the Linux 2.4.20 ptrace() hole. This means he had a root shell.

What you can do:

* CHANGE YOUR PASSWORD. I don't think they were compromised, but you never know. We have verified that the "ssh" and "passwd" binaries are not compromised, so log in and change it.
* VERIFY YOUR SOURCE. If you have a cvs project, do a fresh checkout and diff it against your existing sources. I don't think this is a problem, either, but safety first.
* PAY IT FORWARD. If you can't raise your kids to not be script kiddie ****heads, consider birth control.

Again, everything is back up but the web server, which will come back hopefully tonight.

Stay tuned, True Believers.

--The McManagement.

mdwatts
06-24-2003, 06:08 PM
Originally posted by mahdi
If you can't raise your kids to not be script kiddie ****heads, consider birth control.


:)

If not, I would prefer the death penalty.

Raoul_Duke
06-25-2003, 10:59 AM
It's insane that someone would hack something as harmless as icculus :(

Curse those blasted script-kiddies :mad:

<place long rant about script-kiddies here>

Icarus
06-25-2003, 11:13 AM
Probably some kid was mad because you need the retail version of Duke Nukem 3D Atomic Edition to use the port :p

sharth
06-25-2003, 11:28 AM
hehe (in response to mahdi).

But really, it's only icculus. He's probably one of the main people who have helped bring proprietary games to linux. Which, imho, is a good thing :)

But oh well, hopefully everyone had backups of their projects.

proffy
06-25-2003, 01:55 PM
For the record, it looks like he used a PHP exploit to execute a file which locally exploited the Linux 2.4.20 ptrace() hole. This means he had a root shell.

So much for Linux/apache security.

bwkaz
06-26-2003, 02:13 PM
Yeah, perhaps. Except that fixes for that problem were out at the same time it was discovered (a patch was attached to the email sent to LKML). Contrast that with what happens when almost any closed-source OS company finds a security hole in their product -- they spend six to eight months fixing it, all the while hoping nobody else sees it. Problem is, other people often do see it, and you get six to eight months of people not being able to keep crackers out of the systems involved.

Obviously the ptrace patch never got applied on this machine, but that's not the OS's fault, now, is it.

proffy
06-26-2003, 05:26 PM
Originally posted by bwkaz
Contrast that with what happens when almost any closed-source OS company finds a security hole in their product -- they spend six to eight months fixing it, all the while hoping nobody else sees it.
Please post data showing that it usually takes 6-8 months for closed source software to fix their bugs, or shut the !$%!#$% up.

bwkaz
06-26-2003, 07:49 PM
:rolleyes:

He says nothing about how the fix was out with the announcement of the kernel vulnerability, and the fact that the reason the server got cracked was because whoever the admin was, didn't keep up on it (granted, they were probably busy with other crap, being icculus.org and all, but still...), of course.

That was my main point -- NOT that it takes companies (infinitely) longer to come up with fixes, but that when the kernel team does it, they also distribute the fix. At the same time.

But, none of the Windows security holes that I've been applying MS patches for at work for the last two years (...or longer?) have been fixed the day they were discovered. I suppose that's my data.