SCCS Servers Compromised

September 11, 2007

Editor’s note: This article was initially published in The Daily Gazette, Swarthmore’s online, daily newspaper founded in Fall 1996. As of Fall 2018, the DG has merged with The Phoenix. See the about page to read more about the DG.

The SCCS server was compromised and was being used to host and send out pharmaceutical spam content, reports SCCS administrator Kit LaTouche ’08. As a result, SCCS had to re-install the system, leaving it down for five hours from 7 PM to midnight on Monday evening.

LaTouche wrote in an e-mail that “in going through the logs, it appears that there was a URL vulnerability in The Phoenix‘s index.php, and elsewhere, but that it began with the index.” This means that “the page didn’t properly check input from the URL query string.” The exploitable Phoenix site has been disabled, and will have to undergo a security audit before going back online.

Sample advertisement

Working off of the URL vulnerability, wrote LaTouche, “it seemed… [that] the attackers were able to execute arbitrary commands as the system user www-data, which is what the webserver runs as, and put files on the system that allowed them later access, even if we fixed the vulnerability in The Phoenix‘s site.” These files were placed on multiple sites hosted by SCCS, including the Daily Gazette and Free Culture.

The SCCS administrators could either “comb through the entire system for files that shouldn’t be there, and, worse, binary files that may have been altered to act as backdoors, or simply re-install the system. We opted for the latter course of action.”

After Monday night’s re-install, spam is no longer being hosted on the SCCS server, but the SCCS admins will be checking The Phoenix‘s website carefully for vulnerabilities before it goes back online.

Leave a Reply

Your email address will not be published.

Previous Story

Kemp Hall Construction

Next Story

Global Health Forum Targets Malaria in Campaign

Latest from Sports

Athlete of the Week: Lilly Goldberg ’28

Lilly Goldberg ’28 is a first-year pitcher on the Swarthmore softball team. The Pittsford native had a strong performance on Tuesday against Franklin & Marshall College, when she made a season-high fourteen strikeouts in seven innings. Goldberg only allowed one hit against

Athlete of the Week: Danny Castle ’27

​Swarthmore sophomore Danny Castle ’27, hailing from Highland Park, IL, has rapidly emerged as a standout in the Garnet men’s swimming program. Specializing in freestyle and backstroke events, Castle has already etched his name in the college’s record books. At the 2024

The 2025 NWSL Season Kicks Off

Women’s soccer is back and better than ever! On Friday, March 14, the first whistle blew to kick off the opening weekend of the 2025 National Women’s Soccer League (NWSL) season. Orlando Pride, the returning league champions, made a bold statement at

Spring Training Stories

As a true sports fan might turn their attention to the craziness of March Madness, another sport is beginning to ramp up: baseball. The Major League Baseball’s (MLB) preseason, also known as Spring Training, has been in full swing for a few
Previous Story

Kemp Hall Construction

Next Story

Global Health Forum Targets Malaria in Campaign

The Phoenix

Don't Miss