Cracked... Sort of

By Timothy R Butler | Posted at 5:12 AM

My server was attacked via a PHP vulnerability today. I had overlooked that I was still running 4.3.9, which can be broken into by the Santy worm. As it turns out, I was instead attacked by the “Anti-Santy Worm” (ASW), which doesn't seem to be widespread enough to come up in Google yet. The ASW was only able to obtain nobody privileges on the server, which — best as I can tell — allowed it to do nothing other than replicate. The server was not rooted, fortunately; if it had… well, I don't want to think about that. Ya know what I mean?

Again, it's still somewhat speculation at the moment, as I've found my mind too muddled to read Perl fluently today, but I think it looks like a worm that actually tries to repair the vulnerabilities it finds on phpBB boards (the main mode of attack for the Santy worm) rather than doing anything destructive. Interesting, but disturbing that it was able to execute itself on the server, even with virtually no privileges — I thought I'd taken care of such things. Now I've upgraded to the latest Apache 1.x and PHP 4.x, which are supposed to fix these problems (note that, like most production servers, this one does not run Apache 2.x or PHP 5.x yet).

Unfortunately, I've killed all of the WordPress blogs on the server in the process. I'm recompiling Apache again in hopes of fixing that. If not, I think I'll just jump off a cliff — that's the easiest solution.

I can't take any more this week. My mind is too muddled. Well, I shouldn't say that, but I have found that for the last day or two I've been having a hard time bringing words to mind at times. I need a few uneventful days. Just a few.

Update (2004/12/30 11:33 PM): It seems I fixed the problem. I didn't upgrade Zend Optimizer after doing the PHP update necessary to secure things. The latest PHP was incompatible with the older version of Zend I was using. Now things work again, hopefully in a much more secure fashion.


Join the Conversation

4 comments posted so far.

I’ve been reading a bit about PHP 5 lately (Christmas present), but I’m still not sure if Apache 1 or 2 is the best option. Some say that the Apache2/PHP5 combination is more stable? Do you know anything about this? (Answer only if you find the subject interesting, btw, I only asked out of general interest.)

Posted by Flip - Dec 31, 2004 | 1:25 PM - Location: Sweden

Wow. Just amazing. Glad it is working.

Posted by Christopher - Jan 02, 2005 | 12:10 AM - Location: MO

That Zend Optimizer has bitten a couple of times now, hasn’t it? What is it supposed to do? Sounds like a hassle.

Posted by Josiah Ritchie - Jan 03, 2005 | 4:44 PM - Location: Lanham, MD

re: Zend

Zend is necessary for running copy-protected PHP software. It also supposedly makes PHP run faster. It’s a necessary evil, although I think for the most part, I had resolved everything until just now.

Posted by Timothy R. Butler - Jan 05, 2005 | 1:31 AM - Location: St. Louis, MO
