Hi,
well, I discovered that my web-server was not showing anything
yesterday, so I made some troubleshooting.
Someone had deleted nearly all the files, and uploaded a new index.php,
with the usual 'You've Been Hacked By bla...bla..bla..., please mail
bla@bla.bla for help'.
This happened 30 jan 06 at 19.34
Sadly for them, index.php is never displayed, so no-one but me did
actually see the haxxor-message.
My problem then was, that I did not know the origin of the voulnability,
så I did some troubleshooting.
Everything was up2date, and it's only me that has access to the box.
I could not find it, so I just reloaded the box, disabled the web-server
and started the q1-servers again.
Then the servers failed to start - could not find some files.....hmmm.
Then I looked at the config-files to locate the problem, and discovered
that the content of the config-file was identical with the haxxored
index.php from my web-server.
The time-stamp of the changes in the config-file, was identical with the
web-servers index.php change, so my conclusion is that somehow they got
write-access to the files and could do what-ever they liked.
Luckily they 'only' destroyed my web-server, and some q1-files.
It's quite common that a game-server has voulnability's, but they
allways only impacts the actual game.
This one was different, since they got access to all my files, and
that's quite bad.
Unfortunately this server was hosting my main web-server [wargamez.dk],
so I was quite pissed.
Now I'm more relaxed, and displayes only 1 page.
Maybe if I find the time some day, I will create a new web-site
I really don't understand why they do things like that - I'm just a
private guy that maintains some game-servers in my sparetime.....I don't
even make any money on it, and has payed all the hardware personally.
Well - life goes on....stay happy.
//riv