Posted on: June 14th, 2010 by Famous Phil
When I build servers, I build them to run smoothly and last a long time. I always keep security at the top of my priority list when configuring new servers (and even personal computers). Today, my security practices were tested, and overall, were very successful! As a few of my readers might know, Podnet, the IRC network that I run was exploited because of the IRC daemon (software) that it runs. This required emergency maintenance that caused an hour outage today unexpectedly.
Before I go into my security and how I discovered the vulnerability, I want to take a moment to defend open source software. On June 12, Unrealircd’s developers discovered that the latest version of their software had been hacked in November of 2009 on all the official mirrors and their main website. This hacked copy was distributed for well over 7 months before someone finally caught on when their server was hacked. When the first server was exploited, the developers very quickly figured out how and discovered that the official installation archive was the culprit. Because of this, they learned that providing md5 checksums is very important in ensuring the original installation archive is used when installing software. I have also learned how to check these archives and I will likely always check them from now on after being a victim myself.
Although this vulnerability was solved within hours of its discovery, there are many people out there who will defend proprietary software like Microsoft Windows, which is full of vulnerabilities. The truth of the matter is, Microsoft would have responded just the same way as Unrealircd’s developers did. The fact that Unrealircd is open source truly allows anyone to see the source and see what vulnerabilities are in a program (and hence fix them). It’s sad that no one who downloaded open source software from Unreal discovered this (me included), but that is the way it is. I still support both Open Source and Proprietary software for their own unique reasons.
So now onto my security. All of my systems run most programs as underprivileged users that cannot do any wide system damage. I also run software that detects changes in any kind of file on my servers. It is the combination of these two methods of prevention that kept Podnet from being down much longer than it was (due to the need for a complete server restore to last week). Thankfully, the script that was exploited couldn’t do anything but run and immediately get killed, sending me a notification that something was started remotely. Within 10 minutes of the exploit, I began figuring out how to fix the problem. I was originally going to wait until around now to fix it (when no one is on the network), but then within an hour another attempt happened. Obviously I didn’t want to risk letting my security fail.
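The two defensive habits the post relies on, checking a downloaded archive against the project's published checksum and noticing when files on the server change, are shown together in this added Python example. It is not Phil's own monitoring software; the install tree, the tampered file and the archive contents are constructed inside the script, and the md5 of the string "hello" is used as a stand-in for a published digest.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def hash_file(path, algorithm="sha256"):
    """Hex digest of one file, read in chunks so large archives are fine."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_archive(path, published_digest, algorithm="md5"):
    """True if the downloaded archive matches the digest the project publishes.
    md5 is what the post mentions; prefer sha256 or a signature when offered."""
    return hmac.compare_digest(hash_file(path, algorithm), published_digest.strip().lower())

def snapshot(root):
    """Map each regular file under root (relative path) to its digest: the baseline."""
    root = Path(root)
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def diff_snapshots(baseline, current):
    """Report files that appeared, disappeared or changed since the baseline was taken."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo():
    """Constructed scenario: a fake install tree, then one tampered binary and one dropped file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ircd").write_bytes(b"original daemon")
        (root / "unrealircd.conf").write_bytes(b"listen 6667\n")
        baseline = snapshot(root)                                   # taken right after install
        (root / "bin" / "ircd").write_bytes(b"original daemon, altered")  # constructed change
        (root / "bin" / "helper.sh").write_bytes(b"#!/bin/sh\n")    # constructed new file
        changes = diff_snapshots(baseline, snapshot(root))
        archive = root / "download.tar.gz"
        archive.write_bytes(b"hello")  # constructed archive; md5("hello") is the digest below
        ok = verify_archive(archive, "5d41402abc4b2a76b9719d911017c592")
        bad = verify_archive(archive, "00000000000000000000000000000000")
    return changes, ok, bad

if __name__ == "__main__":
    print(demo())
```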
If nothing else, I hope that you took away that you should NEVER EVER EVER run your own system as an administrator if you care about the integrity of your computer or system. Thankfully, running as another user, I ended up replacing a single directory as a precaution on the server instead of doing an entire system restore that would have taken much longer. I continue to always run as the user phil on my own systems, which has no privileges except for what I need. I also disable or rename the main administrator account, since most hack attempts go after those accounts (since they’re default). Hopefully you do the same.
Tags: exploit, unrealircd, vulnerability
Posted in Hosting / Server Administration