Media Temple Hacked

Posted by David on 2009-11-27 in Blog Related

MT 居然采用明文方式存储用户 FTP/SSH 密码,于是杯具发生了 —— 貌似一台 GS 服务器被黑了,结果可想而知,我就在那 10% 的用户之列。博客页面 footer 被黑客挂了类似的代码:

<!-- [ea1bce76cc34b90bf0e3eb07e662b430 --><!-- 9190819521 --><noscript><ul><li><a href="http://rg8rhg34h34h.cc/c">.</a></li></ul></noscript><!-- ea1bce76cc34b90bf0e3eb07e662b430] -->

查找了一下被感染的文件:

find ./ | xargs grep 'eval(base64_decode('
find ./ | xargs grep '<!-- \['
find ./ -mtime 0
 
./sparkleisle.com/html
./sparkleisle.com/html/index.html
./voidman.com/html
./voidman.com/html/index.php
./voidman.net/html
./voidman.net/html/index.html

所幸影响不大,手工修复了。

MT 对采用明文密码的解释是:

“Clear Text” is a method of storing passwords in a database so that they are human readable. This preference was made to provide customers a convenient way of managing access to their services, e.g. connecting a PHP app to MySQL.

出发点是好的,可是做法太脑残了。

最后,雪特 AND 发可。 Tags: , .

Comments

You can Leave a reply | Trackback | Feed for this Entry
  1. 1 A.shunreply to this comment
    2009-11-28 12:25

    囧。。还有这种事情。。

  2. 2 Davidreply to this comment
    2009-11-28 12:34

    @A.shun: 的确让人无语了 :twisted:

  3. 3 waynereply to this comment
    2009-11-28 15:59

    分忒,这年头居然还有明文存储密码的。。。

  4. 4 Davidreply to this comment
    2009-11-29 00:19

    @wayne: 害我又得记个新密码

  5. 5 crossyoureply to this comment
    2009-12-10 11:52

    这个title 有点意思 :roll:

  6. 6 Kirayreply to this comment
    2009-12-19 22:02

    完全看不懂囧了

  7. 7 Kira Yuanreply to this comment
    2009-12-24 20:25

    Marry Christmas

Leave a Reply

: when reply to my comment.

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!:

You can use these XHTML tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="">