Current time: 04-24-2014, 12:47 PM Hello There, Guest! (LoginRegister)

Post Reply 
all file permissions changed to 755 -- not by me
02-19-2012, 12:34 AM
Post: #18
RE: all file permissions changed to 755 -- not by me
(02-18-2012 10:58 PM)forkosh Wrote:  Yes, I was logged in at that time, so have to agree (especially since nobody else has replied to report a similar experience) the circumstantial evidence best suggests me. I want my lawyer.

It's an interesting puzzle though. Obviously you are the type of person who knows what he's doing, so the odds of this sort of massive mistake are slim. The odds of DH making a mistake... well, let's not think about that too much but in general I'd say the odds are low.

(02-18-2012 10:58 PM)forkosh Wrote:  I do have various of my own cgi's that are documented online and intentionally publicly accessible, but they know nothing about chmod-like stuff.
[...]
Hence the quandary: must be me, can't be me. I'm stumped.
Most suspicious thing I could find was a core file from one of my cgi's (but timestamped 2012-02-16 14:28, apparently after the incident). From it I gathered REMOTE_ADDR=94.142.134.155, apparently someplace in Latvia. So I added a deny from 94.142.134. but have no idea what, if any, good that might do.

I assume you've checked the logs for that time period? Was there any unusual activity? One possible solution may be that one of your scripts has a heretofore unknown bug which has somehow been exploited? Your diff shows there are no new files or changes, so perhaps the exploit is only minimally useful? Of course, chmoding to 777 would have been more useful if it was due to an exploit...

hmmm...
Find all posts by this user
Quote this message in a reply
Post Reply 


Messages In This Thread
RE: all file permissions changed to 755 -- not by me - bobocat - 02-19-2012 12:34 AM

Forum Jump: