The post is a little low on details concerning the actual exploit used, but there's pretty massive carnage. Let's hope the admins have offsite backups.
For those who don't know of Astalavista, it was a popular website for "hackers" with relatively low-quality content. It started in 1994, and was one of the first search engines for computer security information. It hosted software exploits, and quickly degenerated into a forum for sharing software cracks, spyware, and virii.
Being a security-related website, you'd expect the owners to be a little more careful, which is why this is interesting.
One strategy that I employ to mitigate this is to have my backup service connect to the production server, rather than the other way around. That way if your production services are compromised, your backups remain untouched (on a machine that's running no services, behind a firewall, etc, and for all intents invisible).
How is your offsite backup implemented? Is the data stored on a network drive, or backed up to tape?
I have a few servers deployed at various locations around the world, and I have a machine here at home that performs rsnapshot daily backups of their files. I then make bi-monthly backups of those backups, and store them in a safety deposit box at a bank. This means that if my servers go down, I can restore them to within a day. If my house burns down, I still have my data to within two weeks.
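A sketch of the pull model described in the two comments above, added here as an illustration (it is not part of the thread and not any commenter's actual setup). The host name, account name, paths, address and key are all assumed placeholders; rsnapshot requires its fields to be separated by tabs.

```conf
# --- /etc/rsnapshot.conf on the BACKUP host (fields are TAB-separated) ---
# The backup host initiates every connection; production holds no
# credentials for it and cannot reach it through the firewall.
config_version	1.2
snapshot_root	/srv/backups/
cmd_rsync	/usr/bin/rsync
cmd_ssh	/usr/bin/ssh

# Dedicated pull-only key (assumed path), never used for anything else.
ssh_args	-i /root/.ssh/backup_pull_ed25519 -o BatchMode=yes

# Keep 7 daily and 4 weekly hard-linked snapshots.
retain	daily	7
retain	weekly	4

# Pull from production; the source is remote, the destination is local.
backup	backup@prod1.example.net:/var/www/	prod1/
backup	backup@prod1.example.net:/home/	prod1/

# Scheduled from the backup host's own cron, e.g.:
#   30 3 * * *   /usr/bin/rsnapshot daily
#   0  4 * * 1   /usr/bin/rsnapshot weekly

# --- ~backup/.ssh/authorized_keys on the PRODUCTION host ---
# Accept the pull key only from the backup host's address (192.0.2.10 is a
# documentation address) and disable pty and all forwarding. The account
# should have read access to the backed-up paths and nothing more.
from="192.0.2.10",restrict ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> backup-pull
```

With this layout an intruder with root on production can corrupt what the next run copies, but not the snapshots already stored on the backup host.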
When your business gets bigger, it might be worth it to look into dedicated hosting and have the datacenter do the backup for you. After all, you want to spend your time managing your IT crew, rather than driving those tapes to the bank :)
Far more interesting was the root escalation exploit. 2.6.18 is a relatively recent kernel, and I haven't heard of exploits publicly disclosing something of that caliber. Has anyone seen anything on securityfocus/bugtraq/milw0rm etc regarding this?
[P.S. my VM is 32 bits, because VirtualBox has an issue with 64 bit CentOS 5.3 and AMD PhenomIIs: http://www.virtualbox.org/ticket/3927 ]
Thanks for the background info on the site.
1) The Latin plural of a word ending in -us is not -ii. -i at best.
2) 'Virus' doesn't have a Latin plural, because its meaning is like (in the sense of not having a plural) 'sand': it already denotes a multitude.
"Virus" is however, in the second declension (virus -i n. "slime, poison, goo") with the oddity of being neutral while having a second declension -us ending which is normally a feature of masculine nouns. And indeed, its plural would be "viri".
It's also important to note that scholars don't actually know the proper plural of virus because they haven't really found one in extant literature.
Wikipedia has a longer discussion at http://en.wikipedia.org/wiki/Plural_of_virus#Virus
A bit hard to communicate, but that's the keyboard cat playing all of you off.
As an amateur Latin geek myself, I agree that "viruses" is proper from a grammar standpoint, but I sided with Wikipedia because I was using computer terminology.
Put it like this: Grammatically speaking, the plural of virus is viri. Putting it into plural might or might not make sense. Personally, I don't think that using plural for collections in Latin is a very big sin given that this is very common in classical Latin texts.
One example of this can be found in the famous introduction of Aeneid (I.1 "Arma virumque cano...") lines 31-32, where Virgil is using the plural form of the word "sea" (mare, plural: maria)
"multosque per annos / errabant acti fatis __maria__ omnia circum" - "for a number of years, driven by fate, wandering around on the seas"
Second declension singular nominative nouns end in 'us' and their plural forms end in 'i', but fourth declension singular nominative nouns also end in 'us', and their plural forms still end in 'us'. Also, like in every language, there are funky exceptions to these rules, like second declension singular nominative nouns which are neuter rather than masculine, but still end in 'us' rather than the normal 'um'. Moral of the story, don't assume that the plural of a word ending in 'us' is 'i'.
It's also been about 8 years since I've taken Latin, so take that into consideration before someone goes all Life of Brian on me.
As bad as astalavista is, is it right to reciprocate and trash their server? It seems as if the hacker sunk to their level.
Are there legal ramifications to something like this?
Uh, yeah, of course. Good luck catching them, though.
astalavista.com stole their name to ride on their popularity.
gives a fairly good idea of how to not make the same mistakes, if applicable.
However, since astalavista was the site in question, you will probably be safer to visit after the hack.
Quote: "plaintext passwords? yes, those so called "security professionals" who charge you $6.66 / month to register at their hack-proof portal, save your passwords in plaintext... brilliant!"
dark side of me: I wonder how many of those passwords work to get into those e-mail accounts...
My jaws literally dropped when I got to that part.. that's gotta suck, even for a crude site like Astalavista.
If my assumption is incorrect and no one is interested, I will humbly tuck my metaphoric tail between my legs and refrain from posting such things again.
http://romeo.copyandpaste.info gives an idea about anti-security movement...
btw, this is merely good quality of system maintenance (of course, their backup system is very funny), but this is a very usual way people use linux and oss nowadays - no one cares too much, thanks to apt-get and yum and xen.
Linux is mainstream now, nothing special, just stupid, plain activity. It was cool when they were migrated from 2.4 to 2.6 kernel, or even from 2.1 to 2.2 glibc. Today it lost all its coolness and romance.
Just imagine what's happening in the corporate sector, which hires cheap boys or guys from the third world, like me.