WeblogsInc Network Compromised?
It seems like a whole bunch of the WebLogsInc network sites have been compromised. Many sites, including Jason Calacanis' weblog, their corporate site, Luxist, HackADay, their very popular Autoblog, and a bunch more display the following message:
Fuxz Ownz You!
This seems to affect weblogs that appear to be running the "older" version of their custom-built BlogSmith software.
I've sent a whole bunch of emails to people over there, though I doubt they aren't aware of it by now. Hopefully they can take care of this soon.
Update: Brian Alvey, CTO and co-founder of WeblogsInc, responds:
Our oldest web server's FTP ports were not locked down in our firewalls. Not good. Someone ran cracking software, gained FTP access and defaced our sites. All of our other servers which run Engadget, Joystiq, TV Squad and any blog we've launched since January were untouched, but Hack A Day, Autoblog, Luxist, Gadling, Blogging Baby and several others were affected.
Not much left to say besides we got the holes on that old server closed and I can't wait to migrate everything off of it and decommission it. The new platform has no FTP. All files are managed via web form-based uploads. It's not the easiest way to get a large group of files to the server, but it isn't a hack waiting to happen like IIS's FTP server can be.
I'm not sure how practical it is to abandon FTP, but hey, whatever works.
Disclaimer: Yes, I work with Gawker Media, but it sucks when anyone's website gets hacked.
Posted on July 16, 2005, 07:54 PM
Jason tells me it's back up now.
Posted by: Robert Scoble at July 17, 2005 03:45 AM
He left his name and EMAIL ADDRESS? Either he's framing someone or stupid. What can we do to him? Spam war wouldn't work, Gmail has spam filters.
Posted by: ankalon at July 17, 2005 07:30 PM