Misery loves company

hack ogre security Web

So, now that I have basic service back at my newly reinstalled server, it’s time to start re-downloading clean packages for the software that makes up ogre3d.org. Imagine my surprise when I went to phpBB.com and saw this: Looks like I’m not the only one having a bad week 😕 Current priority is getting the forums back online, watch that space.

Read more →

I hate Mondays - ogre3d.org hack

downtime hack ogre

Great. I got a call from the provider of the server on which ogre3d.org runs today saying that the server had been compromised, and that they were going to have to resinstall it. Seems that an unpatched flaw in a Joomla! component allowed a backdoor to be created which was spamming. My fault - I should have patched Joomla! more often. But, I’m busy. What’s annoying is that even though I can 100% guarantee that the compromise could not have extended beyond a certain defined scope, since SELinux prevents that at the kernel level, the host has insisted on taking a tough line on this - their unshakeable policy says that a completely fresh reinstall is required, and it has to be done today.

Read more →