22 February, 2016


Just another in a long line of successful *AMP-stack takeovers.

The usual suspect attack-vectors:

  • a publicly open FTP-service (why, oh why do people absolutely need FTP? SSH FTW!)
  • web-panel software for administration of the website

The first attack took over the project's main website and replaced the installation-ISO download links with new links to third-party, malware-infected ones. So verify the checksum of any ISO downloaded on the 20th of this month.

Following this attack, another was also successful in getting the phpBB database for the Mint support-forum/-community.

Users of the support-community site were urged to change their passwords as the database was found (on the same day as the attack) for sale on The Dark Web.

This is not new.

Poorly maintained web-servers (or any Linux-based server, for that matter) often suffer from "update-ignorance", i.e. system operators or administrators who fail to patch vital system components and/or applications on Linux servers (or who just blatantly ignore vulnerability advisories) in good time, before a so-called "in-the-wild" exploit takes place and the evidence of such activity is removed completely.

