Regrets

From the Blog of someone whose server was comprehensively hacked…

“Okay, so how did the guy get in? No idea. The logs were gone. My best guess is a PHP CLI script I had running which allowed a Flash IRC app to re-route through my server to the freenode IRC servers. It was probably running as root and hackable as hell. I’ve also been playing with Apache and PHP 5 lately, so that was running on port 8080, and I really hadn’t made any effort to secure it. Or it could have been any number of exploits out there that I never bothered to patch, or it could’ve been a bad password. We’ll never know. Whatever it was, it was my fault for not maintaining my site better.”