Conducted a full investigation? The investigation as to what exactly happened is still being conducted. People are taking the appropriate steps to try to determine who was responsible. I talk to the developers of BitchX daily in #BitchX@efnet. And we were frantically trying to figure out what the hell went on. The main coder wasn't even around during the two days that this occurred, so i see no way that he could have modified the source code.
As far as bitchx.org not being compromised, well the system admin happens to be one of the people sitting right there in #BitchX. And being a competent sysadmin like I know he is, he checked out all aspects of the system and came to the conclusion it was not compromised.
That brings me to the point about different ip blocks being directed to different ips for *.bitchx.org. Some people were actually directed to the real bitchx ftp/www site, while other people were redirected to the 'hacked' site. The hacked site was identical to the bitchx.org site, minus the fact that it had the infected copy of the source code. I give the people responsible for this alot of credit, because 'dns hacking' is very effective at times.
As far as my comments about anonymous ftp servers and holes. I was just reading through some of the posts about this and other situations similar to this. They seem to think its the sysadmin's fault that the hole is there. Even though they may be running the same piece of software and just did not happen to be exploited. Yes, of course SSH isn't anonymous. I was just mentioning the fact that popular methods of interfacing with systems are exploitable without truly being a fault of a sysadmin.
kthx.
ice-man@efnet
The developers of BitchX did *NOT* put malicious code in the source. For one thing, there were two versions of the 1.0c19 source running around. It also seems that the security on *.bitchx.org was never even compromised. The problem lies somewhere with a 'man-in-the-middle' changing some DNS aliases somehow. This is why some people were able to download the real version that was actually released, and some people got the 'hacked' copy.
Also, even though the box doesn't appear to be compromised, it could happen. I hope one of you kids out there is the first one attacked when a new apache or ssh bug is found. You can never be completely secure, especially when you are running anonymous servers for people to download programs.
Slashdot Mirror
Conducted a full investigation? The investigation as to what exactly happened is still being conducted. People are taking the appropriate steps to try to determine who was responsible. I talk to the developers of BitchX daily in #BitchX@efnet. And we were frantically trying to figure out what the hell went on. The main coder wasn't even around during the two days that this occurred, so i see no way that he could have modified the source code. As far as bitchx.org not being compromised, well the system admin happens to be one of the people sitting right there in #BitchX. And being a competent sysadmin like I know he is, he checked out all aspects of the system and came to the conclusion it was not compromised. That brings me to the point about different ip blocks being directed to different ips for *.bitchx.org. Some people were actually directed to the real bitchx ftp/www site, while other people were redirected to the 'hacked' site. The hacked site was identical to the bitchx.org site, minus the fact that it had the infected copy of the source code. I give the people responsible for this alot of credit, because 'dns hacking' is very effective at times. As far as my comments about anonymous ftp servers and holes. I was just reading through some of the posts about this and other situations similar to this. They seem to think its the sysadmin's fault that the hole is there. Even though they may be running the same piece of software and just did not happen to be exploited. Yes, of course SSH isn't anonymous. I was just mentioning the fact that popular methods of interfacing with systems are exploitable without truly being a fault of a sysadmin. kthx. ice-man@efnet
hahaha... yeah i think i wrote that when i was like 12 or something:P but anyway. die. kthx.
The developers of BitchX did *NOT* put malicious code in the source. For one thing, there were two versions of the 1.0c19 source running around. It also seems that the security on *.bitchx.org was never even compromised. The problem lies somewhere with a 'man-in-the-middle' changing some DNS aliases somehow. This is why some people were able to download the real version that was actually released, and some people got the 'hacked' copy.
Also, even though the box doesn't appear to be compromised, it could happen. I hope one of you kids out there is the first one attacked when a new apache or ssh bug is found. You can never be completely secure, especially when you are running anonymous servers for people to download programs.
kthx.
ice-man@efnet.