Simon Buchanan wrote:
Hi, A little over an hour ago.. all our PHP and HTML files got changed to this on my little develpoment box:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>This site is defaced!!!</TITLE> </HEAD><BODY bgcolor="#000000" text="#FF0000"> <H1>This site is defaced!!!</H1> <HR> <ADDRESS><b>NeverEverNoSanity WebWorm generation 11.</b></ADDRESS> </BODY></HTML>this is wierd, you cant ssh into the box. its got pureftpd/apache/php/mysql running on it. with only ftp/http ports open, all else firewalled out....WTF!!!? I cant find any reference to this on google??
It means that you have been p0wned. Someone has gained root access to your box and obviously defaced your website. Since they had root access, there is no telling what other damage they may have done. You will need to wipe the machine clean and start with a fresh install. -Roberto Sanchez
Attachment:
signature.asc
Description: OpenPGP digital signature