Hacked!

I’m posting the next couple of thngs separately just to keep them straight…

My web server has been hacked 3 times now!

The first two were through really poorly chosen passwords. I was doing some testing with the server, trying to set it up so that each of us could have networked “home” directories, so we could get at our e-mail and stuff from either the laptop or the desktop, even if the desktop computer was turned off. Unfortunately, I set up the kids’ accounts with a default password the same as their usernames…OOPS! I also wasn’t thinking that those accounts were visible from the net through SSH (Secure Shell). OOPS AGAIN! So, someone scanning the net found my SSH server and started trying usernames and passwords and eventually lucked onto BOTH the kids accounts. Once in, they only installed some IRC Eggdrop bot to listen in on IRC channels and setup for DDOS attacks (making my machine part of a “zombie network”). Easily rectified and actually kinda cool to track down and figure out what they did.

The third hack resulted in exactly the same damage, but they got in but exploiting a hole in the phpChat server I had been running. Remember that? It’s gone now, I can assure you! Luckily, they killed the entire web server when they did get in, so I caught on fairly quickly.

Even today, I’m continuously scanned on SSH — trying names and passwords — and on the web server — looking for vulnerable PHP apps. I can appreciate it as “kinda” cool, but these folks probably don’t even know what they are doing. “Script-kiddies” they’re called. They just find the programs online and run tem…they have no idea how they work or what EXACTLY they are doing. They get no respect from me!