An embarrassing mistake…
December 10th, 2005

This really makes me red-faced with shame. But I have to admit it. I have been too careless with the security of this site. I wonder if using Drupal for this site is a bad idea. PHP sites, as usual, seem to be the script kiddies' favorite honey pots. I have been lax in deleting an xmlrpc.php file that comes with Drupal, used mostly for trackbacks and such. Bad mistake.
Apparently, somebody has been accessing my system quite a lot, and I observed that my account space is being rapidly filled up. I should have suspected some foul play. And as some of you might have observed, the site has been down for the last 2 days. My disk quota filled up, and apache2 crashed.
I panicked and wrote to Bytemark, my hosting providers, and the service was, as usual, excellent. They have found that somebody put a bunch of DVD rips and similar crap in my /var/tmp!! I was dumbfounded. A valuable lesson learnt. I have to be much more careful and paranoid now. I have half a mind to ditch Drupal and use Typo for my blog and develop the rest of the site in custom Rails code. I'll give it a serious thought.
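The failure described above is a shared temp directory quietly filling up until the quota is gone and the web server falls over. The shell script below is an added example, not part of the original post and not Bytemark's or Drupal's tooling: it lists oversized files under a directory (dot-directories included, since dumped material tends to hide there), reports the owner of each, and checks total usage against a budget so it can raise an alert from cron before the disk is full. The directory, the thresholds and the sample files it builds are constructed assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: notice a shared temp directory
# filling up before the disk quota is exhausted. Paths, thresholds and the
# sample files built below are assumptions / constructed data.

# Print every regular file under $1 larger than $2 KB as "size_kb owner path",
# biggest first. find descends into dot-directories as well, which is where
# dumped material usually ends up.
large_files() {
  dir="$1"; min_kb="$2"
  find "$dir" -type f -size +"${min_kb}k" 2>/dev/null | while IFS= read -r f; do
    size_kb=$(du -k "$f" | cut -f1)
    owner=$(ls -ld "$f" | awk '{print $3}')
    printf '%s %s %s\n' "$size_kb" "$owner" "$f"
  done | sort -rn
}

# Number of files large_files would report for the same arguments.
count_large_files() {
  large_files "$1" "$2" | wc -l | tr -d ' '
}

# Total KB in use under $1.
dir_usage_kb() {
  du -sk "$1" | cut -f1
}

# Exit 0 while $1 uses at most $2 KB, non-zero otherwise, so a cron job can
# mail an alert on failure instead of waiting for apache to crash.
check_budget() {
  used=$(dir_usage_kb "$1")
  [ "$used" -le "$2" ]
}

# Build a constructed temp tree: one small file that looks like a PHP session
# and one 2 MB blob hidden in a dot-directory. Prints the directory path.
build_demo_tmp() {
  d=$(mktemp -d)
  mkdir -p "$d/.cache"
  dd if=/dev/urandom of="$d/sess_1a2b3c" bs=1024 count=4 2>/dev/null
  dd if=/dev/urandom of="$d/.cache/rip.part01.rar" bs=1024 count=2048 2>/dev/null
  printf '%s\n' "$d"
}

# Stand-alone run: report files over 1024 KB and whether a 1024 KB budget holds.
demo=$(build_demo_tmp)
echo "Files over 1024 KB under $demo:"
large_files "$demo" 1024
if check_budget "$demo" 1024; then
  echo "usage within budget"
else
  echo "ALERT: $(dir_usage_kb "$demo") KB used, budget 1024 KB"
fi
rm -rf "$demo"
```

On a real host you would point the functions at /var/tmp (or the account's upload directory) and run the budget check from cron; the owner column matters because files written by the web server's user in a temp directory are exactly what a compromised PHP front end leaves behind.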
So folks, protect your servers. Maintain them regularly. Use a firewall, change passwords frequently, and upgrade your PHP apps frequently. They have enough holes to put a strainer to shame.
P.S: I have put some of my pictures of FOSS.IN/2005 in the gallery. Take a look!
