• senorblackbean@lemmy.world
    arrow-up
    25
    ·
    1 year ago

    My guess:

    spoiler

    An attacker exploited a SQL injection or buffer overflow flaw in Apache+PHP+MySQL (which they have no idea about), installed a Java-based coin miner (gross, I know), and deleted /var/log to cover up their tracks. But it was Col. Kernel that killed MySQL for using up too much memory. Ruby is just there because of some obscure distro dependency nobody uses.

  • ZC3rr0r
    arrow-up
    7
    ·
    1 year ago

    My money’s on the sysop being guilty of manprocessslaughter or at least gross negligence for not putting enough RAM in the box.

  • mlg@lemmy.world
    English
    arrow-up
    2
    ·
    1 year ago

    Injection attack submitted through Apache, processed by an outdated PHP, forwarded to fat Java who’s running a ye olde ass library to do SQL input sanitization (it failed lol), and passed onto MySQL via a Ruby script, which had a stroke because the request was to write to /var/log because someone was screwing around in sqlmap

    Oh and /var/log “accidentally” had 777 perms lmao