I don’t blame the author of the software or the PHP programming language. It was an easy mistake to make. I still intend on using the software (and upgrade to the newest version even). It was my own fault for not keeping a closer eye on the server logs and on the TNG mailing list to notice that this kind of thing was going on.

I haven’t actually been able to pinpoint the exact day or time when the hack occurred. The first attempts began in mid-March. I don’t think the hack actually occurred until just a few days ago, when I noticed the page on my site was posted in a Spanish-language forum as a badge of honour as it were. Thankfully, the kids trying this stuff out aren’t really that bright, as witnessed by a lot of failures to even copy and paste correctly.

One of them actually managed to copy a couple of executables that looked like IRC server software or something, but was undoubtedly stopped cold when it had no chance of running on my server’s architecture.

These are the IPs of the machines from which these kiddies attempted their hacks, followed by the URLs where they hosted their payloads:

Update (18 Jul 2007): I’ve created a quick and dirty live feed of hack attempts and the external links from where the attack scripts are being hosted, seeing as I’m still getting the odd attempt now and then…

Update (15 Sep 2007): List removed since it’s grossly out of date.