Hi,

As you probably know, the www.wormux.org website is currently closed 
because of an intrusion. The Wormux website was used to promote and sell 
warez software. It was used to send mail and also to host web pages.

No visible damage has been done to the website, but we do not yet know 
how the intruders got in or whether they have accessed the database. 
That's why we have decided to protect access to the website through 
.htaccess.

Since the beginning of the week, we have made copies of the full FTP and 
database contents; we have also made a static copy of the wiki using 
httrack.

We have discovered the following:
- The directory www/php/soft was created on 29 Jan 2007 and contains 2 
files: index.php and style.css. Both files were PHP files. index.php did 
a require on style.css, which called an obfuscated PHP file stored in 
www/php/cache/.cache/.
- Other files in www/php/cache/.cache/ are encrypted HTML files. Most of 
the files in this directory were modified on 14 July 2009, without using 
FTP access.

Lami, the first programmer of Wormux and the domain name owner, is 
currently inspecting all the files to find out who the intruder or 
intruders are.

The FTP is now clean (all files have been removed) and the database has 
been cleared. Passwords have been changed, of course. To allow easier 
updates, we have decided to switch from mediawiki/dotclear/fluxbb to 
phpboost. I (or fredb219?) will install it as soon as possible and we 
will begin the creation of the new website next week. Our graphic artist 
and web designer, yeKcim, is currently on holiday, so the website may 
have a very basic look for a few weeks ;)

During this time, game servers are still working. Have fun!

gentildemon

_______________________________________________
Wormux-dev mailing list
Wormux-dev@gna.org
https://mail.gna.org/listinfo/wormux-dev
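
A defender's check for the pattern reported in the message above (PHP code inside a file named style.css, pulled in by require, and a dot-directory under the web root), as an added example that is not part of the original message. The function names, the obfuscation markers and the file name c.php are assumptions made for illustration.

```python
import os
import tempfile

PHP_TAGS = (b"<?php", b"<?=")
PHP_EXTS = {".php", ".phtml"}
# Heuristic markers of obfuscated PHP (an assumption, not taken from the incident).
OBFUSCATION_HINTS = (b"eval(", b"base64_decode(", b"gzinflate(", b"str_rot13(")

def scan_webroot(root):
    """Return sorted (finding, relative_path) tuples for everything under root."""
    findings = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:  # dot-directories are easy to miss in default listings
            if d.startswith("."):
                findings.add(("hidden-dir", os.path.relpath(os.path.join(dirpath, d), root)))
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # first 1 MiB is enough for a tag check
            except OSError:
                continue
            if not any(tag in data for tag in PHP_TAGS):
                continue
            rel = os.path.relpath(path, root)
            if os.path.splitext(name)[1].lower() not in PHP_EXTS:
                findings.add(("php-in-non-php-file", rel))
            if sum(hint in data for hint in OBFUSCATION_HINTS) >= 2:
                findings.add(("obfuscated-php", rel))
    return sorted(findings)

def build_constructed_tree(root):
    """Constructed sample mirroring the layout in the message; file bodies are invented."""
    files = {
        "www/php/soft/index.php": b"<?php require 'style.css';",
        "www/php/soft/style.css": b"<?php require '../cache/.cache/c.php';",
        "www/php/cache/.cache/c.php": b"<?php eval(gzinflate(base64_decode('')));",
        "www/css/site.css": b"body { margin: 0; }",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for kind, rel in scan_webroot(tmp):
            print(f"{kind:22} {rel}")
```

Run it against a copy of the web root rather than the live tree, so that file access times on the evidence are not disturbed.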
