[mythtv-users] pcHDTV.com defaced AGAIN

Anthony Vito anthony.vito at gmail.com
Tue Dec 21 15:44:00 UTC 2004

> Can someone reach out to Jack/folks and tell them to fix their WWW site again?
> Wow - someone doesn't like them.

Script kiddies don't discriminate. They'll just hack whatever known
exploits are available for whatever server. The problem with
pchdtv.com is this ... https://pchdtv.com/ ... they are running the
SSL port open on version 1.33.3 of apache... I bet they don't have all
the SSL patches up to date, because they aren't really using SSL all
that much.... Or the fact they are running PHP 4.2.2. That has some
known exploits as well.....

They also have their server horribly unsecured... it's running all
these open ports...

## nmap -sS pchdtv.com

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-12-21 10:31 EST
Interesting ports on powell.slcinet.net (
(The 1635 ports scanned but not shown below are in state: closed)
21/tcp   open  ftp
22/tcp   open  ssh
23/tcp   open  telnet
25/tcp   open  smtp
79/tcp   open  finger
80/tcp   open  http
106/tcp  open  pop3pw
110/tcp  open  pop-3
119/tcp  open  nntp
139/tcp  open  netbios-ssn
143/tcp  open  imap
443/tcp  open  https
513/tcp  open  login
514/tcp  open  shell
587/tcp  open  submission
990/tcp  open  ftps
992/tcp  open  telnets
993/tcp  open  imaps
995/tcp  open  pop3s
2401/tcp open  cvspserver
3306/tcp open  mysql
5190/tcp open  aol

MySQL is available for internet logins... I bet that's the same MySQL
they are storing credit card information in!!! They have "AIM" running
on the server for god sakes!!!!  I can think of at least 7 starting
points to break into that box... and I bet 3 of them would have me
ending up as root or at least getting write access to the web space.

pchdtv guys... I love you and what you stand for. I will donate my
time to secure your server properly if you wish. If anyone has contact
info for "Jack" is it? Send him my offer and my contact information.

Anthony Vito
anthony.vito at gmail.com

