Media Temple Hacked
MT 居然采用明文方式存储用户 FTP/SSH 密码,于是杯具发生了 —— 貌似一台 GS 服务器被黑了,结果可想而知,我就在那 10% 的用户之列。博客页面 footer 被黑客挂了类似的代码:
<!-- [ea1bce76cc34b90bf0e3eb07e662b430 --><!-- 9190819521 --><noscript>
<ul>
<li><a href="http://rg8rhg34h34h.cc/c " > . < /a></li>
</ul>
</noscript>< !-- ea1bce76cc34b90bf0e3eb07e662b430] -->
查找了一下被感染的文件:
find ./ | xargs grep 'eval(base64_decode('
find ./ | xargs grep '<!--\['
find ./ -mtime 0
./sparkleisle.com/html
./sparkleisle.com/html/index.html
./voidman.com/html
./voidman.com/html/index.php
./voidman.net/html
./voidman.net/html/index.html
所幸影响不大,手工修复了。
MT 对采用明文密码的解释是:
“Clear Text” is a method of storing passwords in a database so that they are human readable. This preference was made to provide customers a convenient way of managing access to their services, e.g. connecting a PHP app to MySQL.
出发点是好的,可是做法太脑残了。
最后,雪特 AND 发可。