Puzzling site attacks expose open source glitch

Written by Andrew Colley, Contributor
A recent spate of attacks on Macromedia Flash developer community Web sites has exposed a potential security threat in a common open source mailing list application.

Jesse Stratford, co-founder of actionscripts.org, one of three Flash enthusiast sites hijacked over recent weeks, said hackers managed to compromise his server using a vulnerable PHP script in EMML (EternalMart Mailing List Manager).

It took two separate attacks on the site to spot the security vulnerability, Stratford explained. The hackers were able to cover their tracks when the first attack took place around two weeks ago but were less successful in the second attack, which came within hours of actionscript.org's announcement on Saturday that it had recovered the site.

The hackers rigged a backdoor into the site by manipulating the PHP script using a Web browser. Using a very complicated URL, the hackers were able to make the faulty PHP script download and compile code stored on a remote site, said Stratford. Once compiled, the code allowed anyone to log in to actionscript.org's server with root (administrative) privileges, giving the hackers free reign to wreak havoc with the system.

The attack on actionscript.org carries all the hallmarks of a prank, with the hackers limiting their damage to a defacement exercise; inserting a banner promoting their clan. However, events surrounding the incident offer less comfort.

"The fact that it's happened to number of Web sites in the last few weeks seemingly all of a sudden is quite interesting to me," said Stratford.

Over recent weeks hackers have attacked four amicably affiliated Flash enthusiast sites including actionscript.org; two UK-based actionscript.co.uk, flashgroup.co.uk and robertpenner.com, a site run by a US-based author of Flash programming books.

At least one of the sites appears not to have escaped damage as lightly as actionscript.org. Flashgroup.co.uk, still appears to be having problems recovering from its attack, which took place late last month.

Evidence that would link the attacks or the groups behind them is yet to emerge, leaving the Flash community a touch miffed as to why hackers would seek to harm what are essentially volunteer organisations.

Administrators of flashgroup.co.uk left the following message for would-be visitors to their crippled site.

"I can't understand why hackers have come to this site and actionscripts.org it seems very strange to hit on a free resource site. Just goes to show you that hackers can be right t..ts".

Stratford agrees, pointing out that actionscript.org has never had enemies and has never had cause for friction with the wider Web community.

"As to why it's happening I have no idea; I would think we would be the last target of this sort of thing," said Stratford.

"Generally these sorts of people are on the high moral ground. From what I understand they're into freedom of information or sharing...our site is very much a community based Web site".

Stratford has since taken steps to eliminate the security vulnerability. Other than that all he can do is watch and wait.

Editorial standards