I guess my s9y installation has been hacked, but to confirm this I need some information on the internals of s9y.

First off, the facts. I have my own dedicated server with everything set up by hand. A few days ago the server went unreachable and only a hard reset via the admin interface of my hoster did the job. I did not find anything unusual in the system logs (I didn't look in the Apache logs, though). A couple of days later I opened my blog in the browser and everything looked fine. My last entries were displayed on the start page, but then I discovered that clicking on an entry didn't work anymore. I always got a "not found" error. I didn't think of a hack at that point, but rather that my installation was broken in some way, so I updated it to the most current version, and the update itself seemed to work. My entries were still displayed on the start page, but I wasn't able to access them.

So I made a fresh install into a new directory, which left me quite confused. When I accessed it, I only saw ancient entries from 2010. At first I thought s9y was sorting ascending instead of descending, but after logging in and accessing the admin interface I saw that my more current entries were gone. So why did they appear on the front page of my old installation? Is s9y only generating the start page when entries are edited from the admin interface, and the attacker "only" got access to the MySQL?

I'm going to dig into my MySQL backup from last week as soon as there is time, which may help clear some things up, but at the moment I'm just confused. I'm not 100% sure which version I had before I updated, but the files in my www directory indicate 1.6:
Code:
# ls -ltr | tail -n 7
-rw-r--r-- 1 root root 5357394 Oct 27 2011 serendipity-1.6.tar.gz
-rw-r--r-- 1 root root 5685683 Jul 26 2013 serendipity-1.7.2.tar.gz
-rw-r--r-- 1 root root 5665896 Aug 28 12:41 serendipity-1.7.3.tar.gz?download
drwxr-xr-x 2 root root 4096 Feb 7 20:37 tmp
drwxrwxrwx 14 nobody nogroup 4096 Feb 7 20:55 serendipity_old
drwxrwxrwx 14 nobody nogroup 4096 Feb 7 22:04 serendipity
drwxr-xr-x 2 root root 32768 Feb 9 07:14 logs