SCCS Servers Compromised

September 11, 2007

Editor’s note: This article was initially published in The Daily Gazette, Swarthmore’s online, daily newspaper founded in Fall 1996. As of Fall 2018, the DG has merged with The Phoenix. See the about page to read more about the DG.

The SCCS server was compromised and was being used to host and send out pharmaceutical spam content, reports SCCS administrator Kit LaTouche ’08. As a result, SCCS had to re-install the system, leaving it down for five hours from 7 PM to midnight on Monday evening.

LaTouche wrote in an e-mail that “in going through the logs, it appears that there was a URL vulnerability in The Phoenix‘s index.php, and elsewhere, but that it began with the index.” This means that “the page didn’t properly check input from the URL query string.” The exploitable Phoenix site has been disabled, and will have to undergo a security audit before going back online.

Sample advertisement

Working off of the URL vulnerability, wrote LaTouche, “it seemed… [that] the attackers were able to execute arbitrary commands as the system user www-data, which is what the webserver runs as, and put files on the system that allowed them later access, even if we fixed the vulnerability in The Phoenix‘s site.” These files were placed on multiple sites hosted by SCCS, including the Daily Gazette and Free Culture.

The SCCS administrators could either “comb through the entire system for files that shouldn’t be there, and, worse, binary files that may have been altered to act as backdoors, or simply re-install the system. We opted for the latter course of action.”

After Monday night’s re-install, spam is no longer being hosted on the SCCS server, but the SCCS admins will be checking The Phoenix‘s website carefully for vulnerabilities before it goes back online.

Leave a Reply

Your email address will not be published.

Previous Story

Kemp Hall Construction

Next Story

Global Health Forum Targets Malaria in Campaign

Latest from Sports

Swinging Through the Glass Ceiling 

The Swarthmore men’s golf team has welcomed numerous women as walk-on players over the years. Currently there are two female players competing on the men’s team: Ava Chon ’26 and Bori Chung ’28. Chon is a senior from Princeton, NJ, who went

Athlete of the Week: Melissa Eyer ’28

Melissa Eyer '28 runs the volleyball court with her elite ball control and defensive capabilities. Read on to hear more about her fourth Centennial Athlete of the Week selection!

Garnet Soccer Takes on Johns Hopkins in Baltimore

On Sept. 20, Swarthmore men’s and women’s soccer packed their bags and boarded buses for Baltimore to play their long-time conference rival Johns Hopkins University. The day began Centennial Conference play for both Garnet teams. The men came into their game carrying

The Best Quotes of Jalen Hurts

We live in a current age of heat checks, lyric drops, motivational apps and posters, and speeches about “locking in” or “walking through fire.” And then there is Jalen Hurts — the starting quarterback for the Philadelphia Eagles, an outright contemporary Nietzsche,
Previous Story

Kemp Hall Construction

Next Story

Global Health Forum Targets Malaria in Campaign

The Phoenix

Don't Miss