

Cryptome hacked - jacquesm
http://www.cryptome.org/2012/01/cryptome-virus.htm

======
thaumaturgy
That's rough. It looks like they still have no idea how their server was
compromised, although they appear to be running FrontPage extensions (if the
posted scan is accurate), which can be a great way to get bit. I have no idea
what the state of Apache's FrontPage extensions is.

If it was a FrontPage exploit though, then that should show up in the server
logs. If the server logs don't show anything suspicious, then I'd be more
concerned about how it happened and whether any other system files have been
touched.

rkhunter (<http://rkhunter.sourceforge.net/>) used to be a nice way of getting
started with a problem like this, but I haven't used it in a long time and it
looks like the project might be dead now.

One of the nice things about using BackupPC on a server is that it can show
you when files change for a particular directory, which might make server
cleanup easier, depending on how careless the attacker was.
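
Added example (not part of the comment above, and not Cryptome's own tooling): one way to look for the FrontPage Server Extensions traffic that the comment says should be visible in the server logs. It assumes Apache common/combined log format; the `_vti_*` names are the directories FrontPage Server Extensions use, and the sample log lines and addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache common/combined format: host ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# Directories and files that FrontPage Server Extensions place under the web root
FP_PATH_RE = re.compile(r'/_vti_(bin|pvt|cnf|adm|aut|log|txt|inf)\b', re.IGNORECASE)

# Constructed sample lines (documentation address ranges), not real log data
SAMPLE = [
    '192.0.2.10 - - [10/Jan/2012:03:12:01 +0000] "GET /index.htm HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jan/2012:03:14:22 +0000] "GET /_vti_inf.html HTTP/1.1" 200 1754',
    '198.51.100.7 - - [10/Jan/2012:03:14:25 +0000] "POST /_vti_bin/_vti_aut/author.exe HTTP/1.1" 200 312',
    '203.0.113.5 - - [10/Jan/2012:04:01:09 +0000] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1" 404 209',
    '203.0.113.5 - - [10/Jan/2012:04:01:10 +0000] "GET /%5Fvti_pvt/service.pwd HTTP/1.1" 403 199',
]

def scan(lines):
    """Return {client: [(time, method, path, status, severity), ...]} for FrontPage paths."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = unquote(m['path'])  # decode %5F etc. so encoded requests are not missed
        if not FP_PATH_RE.search(path):
            continue
        status = int(m['status'])
        if m['method'] == 'POST' and 200 <= status < 300:
            severity = 'accepted-post'  # endpoint is live and processed a POST: review first
        elif status < 400:
            severity = 'served'         # content under a _vti_ path was returned
        else:
            severity = 'rejected'       # request was refused or the path does not exist
        hits[m['host']].append((m['time'], m['method'], path, status, severity))
    return dict(hits)

if __name__ == '__main__':
    for host, events in scan(SAMPLE).items():
        for when, method, path, status, severity in events:
            print(f'{severity:14} {host:15} {when} {method} {path} -> {status}')
```

If a scan like this comes back empty for the period around the compromise, that supports the comment's second point: the entry vector was something else, and other system files need checking.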

