As some of you have already noticed, this site was hacked
on Tuesday and the posts were all deleted and replaced by a hacker's
signature.
I've spent most of the time since (a) restoring the data, and
(b) trying to find out what the hell happened.
As to the latter, a combination of MySQL and Apache logs revealed a scripted
attack at 19:33 on the 27th which exploited a vulnerability in phpBB (the
bulletin board system the site is using) to gain Admin access. The version
of phpBB being used by VAMP (2.0.11) was a little aged and I had been lax in
keeping it patched, so maybe I had this coming!
For the full skinny on the attack method take a look here,
http://www.frsirt.com/english/advisories/2005/0212 and here,
http://www.frsirt.com/exploits/20050314 ... xp.cpp.php .
I've now (obviously) patched phpBB to the latest version and VAMP is now
back up & running again. Apologies if you've lost posts or your account -
I'm still working on getting these back.
A scan of all relevant accounting and event logs has satisfied me that no
compromise was made at an Operating System level - not that I had any
doubts.
So, a word of warning if you are running phpBB (on any system) - make sure
you're running at least version 2.0.13.