RLP Server Hacked or Cracked or Whatever You Call It

September 6, 2005 - 10:17am

My server was compromised by a security weakness in the Real Live Preacher XML feed. The person or persons involved were using our server to route spam. Grrr! There were a million emails in our mail queue this morning.

I was forced to disable the feed. I'll have to get Matt to find a more secure way to offer a subscriber feed to you. Of course, those who rely on my XML feed to know when I post things won't get this message for awhile.

There are a number of pretty serious techies out there who read rlp. If you have a suggested script, let me know.

rlp

rlp's blog
Personal Update | RLP Website
That sucks. Wish I could
Submitted by steelcowboy on September 6, 2005 - 10:40am.

That sucks. Wish I could help, but that's a touch out of my area of expertise...

login to post comments
It's definitely out of my
Submitted by see through faith on September 6, 2005 - 12:14pm.

It's definitely out of my area of expertise and No suggestions but a lot of sympathy. It seems that spammers are on the up and up right now. Several blogs I read have been mobbed - and forced to change the way they do business, one quit altogether which is a real shame.

Be blessed. Great to hear about Katrina appeal :)

login to post comments
Have you tried the
Submitted by Anonymous User on September 6, 2005 - 10:53am.

Have you tried the 'Solution' here, assuming that was the problem.

login to post comments
Grrrr. Hacking your site is
Submitted by The Token Catholic on September 6, 2005 - 12:14pm.

Grrrr. Hacking your site is pretty damn low. Once again proving that spammers are the lowest of the low. I don't think there's anything they wouldn't stoop to.

login to post comments
Terrorists on RLP? That's
Submitted by visual-voice on September 6, 2005 - 3:16pm.

Terrorists on RLP? That's just NOT allowed!

login to post comments
If the people who do these
Submitted by abiding on September 6, 2005 - 4:52pm.

If the people who do these things would spend half as much time doing acts of kindness the world just might be a little better. 

login to post comments
Is this fixed?
Submitted by iandunn on September 6, 2005 - 7:03pm.

Is this fixed? http://www.reallivepreacher.com/blog/3/feed is still working for me.

login to post comments
As someone earlier noted,
Submitted by Sundae on September 6, 2005 - 7:14pm.

As someone earlier noted, there is new version/patch fixing this security hole at the Drupal site. My server got hit through the same vulnerability two days ago (but that attack thankfully mostly failed), so I think the attack is very common right now.

login to post comments
One of the downsides of
Submitted by Anonymous User on September 7, 2005 - 12:20am.

One of the downsides of running your own server is having to keep the software patched -- you or Matt should probably subscribe to the drupal-announce mailing list so that you get notified of security updates, and patch your site when you get the alerts.

Sorry, but it seems to be a fact of modern life on the net.

P.S. Your blog XML feed is fine -- what the spammers used is probably your XML-RPC library (unrelated), which is what needs to be patched. What a pain in the rear.

login to post comments
RLP, Folks that are
Submitted by Anonymous User on September 6, 2005 - 9:51pm.

RLP,
Folks that are computer-literate and know that Google is their friend can get a LOT of help from the news.grc.com newsgroups. They aren't shy about steering you to google if there's a quick answer there, but they're really great about helping you out if you're stuck. I've learned a lot from them. There's a spam group, a privacy group, a techtalk group, and others.

~ Rosanne

login to post comments
People try hacking my
Submitted by Anonymous User on September 7, 2005 - 7:05pm.

People try hacking my ServiceBuilder worship planning site pretty regularly, but I'm curious how you could hack an XML feed!! That's a new one! :-S

Doesn't seem to have interrupted my use of the feed though.

Keep us up-to-date.

Thanks,
Jason Silver
CrookedBush.com

login to post comments