An urgent warning to all concerning ~el8 / project mayhem

[full-disclosure () lists netsys com (full-disclosure () lists netsys com)]

I will not disclose my name for obvious reasons. However, as much as it pains me to do so, I need to issue a grave 
warning to all subscribers who are loosely antagonizing these ~el8 / project mayhem / #phrack high council individuals. 
When I called them kids, I meant in the sense of their behavior as being childish, not in regards to their technical 
abilities (if any). 

It would appear the sole publicly accessible machine on my company's network has been compromised using a remote Apache 
exploit (Apache is the only daemon running on the machine and it was installed after performing a Net install of 
FreeBSD-current). An obscene note was left in my webroot that I will not enclose here. The version of Apache I am 
running is 1.3.26. It was installed weeks ago in response to the "Apache chunking" vulnerability. Unfortunately I do 
not have the data available to reconstruct the attack, but I have since taken steps that will hopefully thwart all 
future attacks, and I urge subscribers to this list to do the same (via chroot mechanisms).

They sit on #phrack on the EFNet irc network. I have joined there incognito, but as far as I can see, no mention has 
been made of any such vulnerability or exploit. They are using "handles" that are rather self-deprecating and appear to 
be feigning technical incompetence for whatever reasons. It seems they are deliberately trying to be underestimated, 
but the connection to ~el8 is very obvious. A friend of mine who has more underground know-how, so to speak, has told 
me that among their ranks are known exploit coders. There are also connections to blackhat groups such as ADM and TESO.

In the topic of the channel is this wired.com article:

http://www.wired.com/news/culture/0,1284,54400,00.html


--
This message has been sent via an anonymous mail relay at www.no-id.com.