nikolaus
Feb 10 2004, 02:53 PM
Today my site was hacked: someone deleted all files on my server. Later I found out that the hacker used the Movable Type script "cgitelnet.pl" to do this.
Through this script the hacker could telnet and issue commands like: sh and cd.
203.210.150.31 - - [10/Feb/2004:16:42:42 +0100] "GET /cgi-bin/cgitelnet.pl HTTP/1.1" 200 2839 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
Luckily my hosting provider had a backup of my site, but I want to know if this is a known issue, or if it is something I did wrong. Can I safely remove the file, without getting MT all muddled up? I'm using MT 2.62.
maddy
Feb 10 2004, 03:02 PM
cgitelnet.pl is not a Movable Type file. You might find more information about it through this Google search, if your hosting provider is not able to provide any more information.
nikolaus
Feb 10 2004, 03:18 PM
You're right. I'm sorry for posting this here... It's just that I never used the cgi-bin for anything other than MT. I now found out that the hacker uploaded that script. Sorry for the unrest I might have caused. Is there a way to close this topic?
maddy
Feb 10 2004, 03:21 PM
No problems. Good luck with recovering your site.

I'll leave the thread open for a bit, in case you have any problems with that. Just post them here.
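
Added example, not part of the original thread: one way to spot an uploaded script like the one described above is to scan the access log for served requests to anything under /cgi-bin/ that is not on a list of expected scripts. The allow-list contents, the function name and the second and third sample log lines are assumptions constructed for illustration; only the first log line comes from the thread.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# ASSUMPTION: scripts the site owner expects under /cgi-bin/. Build this list
# from a known-good copy of your own install, not from this example.
EXPECTED_CGI = {"mt.cgi", "mt-comments.cgi", "mt-tb.cgi", "mt-search.cgi"}

SAMPLE_LOG = [
    # Log line quoted in the thread
    '203.210.150.31 - - [10/Feb/2004:16:42:42 +0100] '
    '"GET /cgi-bin/cgitelnet.pl HTTP/1.1" 200 2839 "-" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    # Constructed: normal request to an expected script, with a query string
    '192.0.2.10 - - [10/Feb/2004:16:40:01 +0100] '
    '"GET /cgi-bin/mt.cgi?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    # Constructed: probe for a script that does not exist (404)
    '192.0.2.11 - - [10/Feb/2004:16:41:13 +0100] '
    '"GET /cgi-bin/test.pl HTTP/1.1" 404 310 "-" "Mozilla/4.0"',
]

def unexpected_cgi_hits(lines, expected=EXPECTED_CGI, prefix="/cgi-bin/"):
    """Map each unexpected script that was actually served (2xx) to the
    list of (host, time, status) tuples of the requests that reached it."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        # Drop the query string and decode %xx so names compare literally
        path = unquote(m["path"].split("?", 1)[0])
        if not path.startswith(prefix):
            continue
        # First segment after the prefix is the script; the rest is PATH_INFO
        script = path[len(prefix):].split("/", 1)[0]
        if not script or script in expected:
            continue
        if m["status"].startswith("2"):  # 2xx: the file exists and ran
            hits[script].append((m["host"], m["time"], int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for script, reqs in unexpected_cgi_hits(SAMPLE_LOG).items():
        print(script, reqs)
```

Comparing the same allow-list against a directory listing of cgi-bin catches an uploaded file even before it is requested.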