Hacked MIT server used to stage attacks, and scan for vulnerabilities

A server at MIT was recently identified as the source for several vulnerability scans, and other attacks against web sites.  The article (linked below) indicates that the malicious script found on the server is used to look for vulnerable installations of phpMyAdmin (versions 2.5.6 to 2.8.2), and use these to compromise a domain.  As of the writing of the article, it is unclear how the malicious script got into the MIT server in the first place.

There are two important lessons to be learned from this:  First, keep your software up to date.  The current version of phpMyAdmin is 3.4.7, well past the range indicated above.  This suggests that the security flaw in the older versions of phpMyAdmin have been resolved for some time.  The second lesson is, though you may think there is no important information on your computer that an attacker would want, the attacker may just want your computer.  As the article points out, few organizations will filter or block sites from a .edu domain, so this particular server was valuable as a base to launch attacks from.

Source article:  http://www.securityweek.com/hacked-mit-server-used-stage-attacks-scan-vulnerabilities

Advertisements

One thought on “Hacked MIT server used to stage attacks, and scan for vulnerabilities

  1. This is a very good point on keeping your software up to date. It’s super important with phpMyAdmin, as I have seen it happen before. phpBB seems to be a big target for exploits and it’s almost a must to keep it updated. Ultimately any software running on a server should be up to date regularly. You’d think a top technology institute in the country like MIT would be on top of it, but it goes to show that it can happen to anyone.

Comments are closed.