{"id":4627,"date":"2010-10-28T10:43:26","date_gmt":"2010-10-28T08:43:26","guid":{"rendered":"http:\/\/tokao.com\/?p=4627"},"modified":"2010-10-28T10:43:26","modified_gmt":"2010-10-28T08:43:26","slug":"rootkit-hack-in-tokaos-server","status":"publish","type":"post","link":"https:\/\/tokao.com\/wordpress\/2010\/10\/28\/rootkit-hack-in-tokaos-server\/","title":{"rendered":"Rootkit hack in tokao&#039;s server"},"content":{"rendered":"<p>Well, sorry, tokao has been offline for a few hours.<\/p>\n<p>After rebooting the server after a year or so, I noticed weird things, like &#8220;who&#8221; and &#8220;top&#8221; were not working, some directories were not there (like the log one), CPU was at 100% all the time&#8230; yep, the tokao server was compromised on the 26th of October, so yesterday, after taking a careful look at what had been done, I closed all ports to the machine and tonight I have migrated tokao to another more secure server.<\/p>\n<p>Tokao was running on CentOS and the rootkit was done via a hole in my old Apache. The server was at home with a big UPS and 1Mb DSL upstream, enough for tokao. I had secured ssh with webknock.<\/p>\n<p>Well, after 8 years, this is the perfect excuse to upgrade my old CentOS to the newest Ubuntu.<\/p>\n<p>Now tokao is in a VPS Ubuntu machine with the latest updates&#8230; while I decide where to host it. I have not tested everything. I see that some stuff still does not work (like URL rewrite). Working on it \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Well, sorry, tokao has been offline for a few hours. 
After rebooting the server after a year or so, I noticed weird things, like &#8220;who&#8221; and &#8220;top&#8221; were not working, some directories were not there (like the log one), CPU was at 100% all the time&#8230; yep, the tokao server was compromised on the 26th of October, so yesterday after [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4,2],"tags":[179],"class_list":["post-4627","post","type-post","status-publish","format-standard","hentry","category-journal","category-technology","tag-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/posts\/4627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/comments?post=4627"}],"version-history":[{"count":0,"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/posts\/4627\/revisions"}],"wp:attachment":[{"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/media?parent=4627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/categories?post=4627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tokao.com\/wordpress\/wp-json\/wp\/v2\/tags?post=4627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}