As you probably know, the www.wormux.org website has been closed because of an intrusion. The Wormux website was used to promote and sell warez software. It was used to send mails and also to host web pages.
No visible damage has been done to the website, but we do not yet know how the intruders got in or whether they have accessed the database. That's why we have decided to protect access to the website through .htaccess.
Since the beginning of last week, we have made copies of the full FTP and database contents; we have also made a static copy of the wiki using httrack.
We have discovered the following:
- The directory www/php/soft was created on 29 Jan 2007 and contains 2 files: index.php and style.css. Both files were PHP files. index.php did a require on style.css, which called an obfuscated PHP file stored in www/php/cache/.cache/.
- The other files in www/php/cache/.cache/ are encrypted HTML files. Most of the files in this directory were modified on 14 July 2009, without using FTP access.
Lami, the first programmer of Wormux and the domain name owner, is currently inspecting all the files to find out who the intruder or intruders are.
The FTP has been cleaned (all files have been removed) and the database has been cleared. Passwords have been changed, of course. To allow easier updates, we have decided to switch from mediawiki/dotclear/fluxbb to phpboost.
The website is currently under construction.

During this time, game servers are still working. Have fun!
gentildemon
On: 08/11/09
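
The findings listed in the post (PHP code in a file named style.css, a require on that file, and files kept in a hidden .cache directory) can each be checked for mechanically when auditing a web root. The following is an added example, not code from the Wormux team; the file name loader.php, the file contents and the sample tree are constructed for illustration, and the check for modification times is left out.

```python
import re
import tempfile
from pathlib import Path

PHP_EXTS = {".php", ".phtml", ".inc"}
PHP_TAG = re.compile(rb"<\?php", re.I)
# include/require with a literal string path, e.g. require('style.css')
INCLUDE = re.compile(rb"\b(?:require|include)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]", re.I)

def scan_webroot(root):
    """Return {relative_path: [reasons]} for files matching the patterns in the post."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root)
        data = path.read_bytes()[: 1 << 20]  # first 1 MiB is enough for these checks
        has_php = bool(PHP_TAG.search(data))
        reasons = []
        if any(part.startswith(".") for part in rel.parts[:-1]):
            reasons.append("inside hidden directory")
        if has_php and path.suffix.lower() not in PHP_EXTS:
            reasons.append("PHP code in non-PHP extension")
        for raw in (INCLUDE.findall(data) if has_php else []):
            target = raw.decode("latin-1")
            if Path(target).suffix.lower() not in PHP_EXTS:
                reasons.append("includes non-PHP file " + target)
        if reasons:
            findings[rel.as_posix()] = reasons
    return findings

def build_sample(root):
    """Constructed tree mirroring the layout in the post; loader.php and all contents are invented."""
    sample = {
        "php/soft/index.php": b"<?php require('style.css'); ?>",
        "php/soft/style.css": b"<?php require('../cache/.cache/loader.php'); ?>",
        "php/cache/.cache/loader.php": b"<?php /* placeholder for obfuscated code */ ?>",
        "css/site.css": b"body { color: #333; }",
    }
    for rel, body in sample.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, why in scan_webroot(tmp).items():
            print(rel, "->", "; ".join(why))
```

The scan only matches the full `<?php` opening tag and literal include paths, so it is a first-pass triage aid rather than proof that a web root is clean.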


