Server Compromised

Due to some unfortunate timing on the discovery of a security flaw in the version of Exim running on this server, it was compromised by what appears to have been a script kiddie. A rootkit was installed and an ssh server started for their use, but according to the server logs neither was ever used. Admittedly the logs can't be completely trusted in this situation, but the rootkit wasn't sophisticated enough to cover its tracks well so I doubt it touched the logs. I also found out about the rootkit within a few hours of it being installed (I was on vacation when the exploit was found, which is the reason I wasn't able to update before the attack, but the server wasn't rooted until the day I got back), so it's highly unlikely anyone had time to do much poking around.

This is most of the reason for the recent server downtime (along with a small bug in my hosting provider's control panel that caused my reinstall to fail), but it has been rebuilt from scratch so it is once again exploit free. I wanted to let anyone who might have registered an account on the site know what was going on in case they wanted to take any actions in light of the compromise. As I said, I don't believe any data was actually retrieved, and account passwords are stored as a salted hash so they're extremely difficult to crack even if someone did get ahold of them. Still, full disclosure and all.

For the curious, here's the Exim mailing list thread about the exploit:

On a more pleasant, game-related note, I've gotten a good start on the re-texturing. Keep your eyes open for a post and a screenshot or two about that in the near future.