Apologies for the unscheduled brief outage this morning. One of my other servers was compromised yesterday by a PHP vulnerability (PHP claims it’s bad script code, but every other site I’ve seen says that this compromise was actually bad PHP engine… Ho Hum, who cares, I’ll just stop the gap :)) and as a result it caused to me to install some extra precautions on the DD server.
In the case of my other server I’m certain I got to it before any damage was done, I’ve run extensive checks and counter tests to ensure that no data was corrupted or lost, and it would appear that all is well. The changes I’ve made to both servers will prevent the attackers from gaining access again. Note that this was purely a preventative step in the case of DearDiary.Net. The DearDiary server was NOT attacked
Thanks to Matt for his input on the issue which enabled me to get a very quick ‘plug’ in the gap yesterday, and thanks to The Serverbeach Techs for their assistance in helping me check all the data on the other server out.
There will be another outage shortly as I upgrade the underlying Linux OS, but I’ll give more details when I know them myself.
For those that are interested in such things, the attack was as a result of the later variant of the ‘Santy’ PHP worm. Check out Google for it if you care. Note that most of the damage that is mentioned in any website about Santy is mitigated on these servers by the fact that Serverbeach do not allow IRC traffic on their network.