Discussion:
[Larceny-users] Larceny website compromised
Marijn
2011-09-26 12:10:32 UTC
Permalink
Hi Will,

Today I browsed to the (old) Larceny home page[1] which says that
there is a new home page[2] which I then browsed to. Unfortunately
there is no index.html (anymore?) so you get a file listing. Then when
I clicked on LarcenyReleases/ I got to this ``Hacked by''-message
which does some annoying browser window resizing and possibly contains
an exploit/weird javascript.

Marijn

[1]:http://www.ccs.neu.edu/home/will/Larceny/
[2]:http://www.larcenists.org/
[3]:http://www.larcenists.org/LarcenyReleases/
w***@ccs.neu.edu
2011-09-26 14:37:41 UTC
Permalink
Post by Marijn
Today I browsed to the (old) Larceny home page[1] which says that
there is a new home page[2] which I then browsed to. Unfortunately
there is no index.html (anymore?) so you get a file listing. Then when
I clicked on LarcenyReleases/ I got to this ``Hacked by''-message
which does some annoying browser window resizing and possibly contains
an exploit/weird javascript.
Thank you for reporting this.

Larceny's site was affected by a large-scale attack against
its hosting service [1,2]. Thousands (and possibly hundreds
of thousands) of web sites are reported to have been affected.

That hosting service appears to have responded by locking all
sites, and their telephone support line has become a busy
signal (!), so I can't fix this immediately.

As a temporary workaround, the larcenists.org site is mirrored
at

http://www.cesura17.net/~larcenists/

Unfortunately, downloading Larceny from that site will be much
slower than downloading from the larcenists.org web site.

If anyone would like to suggest a more secure web hosting
service, please send email directly to me.

Will

[1] http://blastmagazine.com/the-magazine/technology/tech-news/computers/inmotion-hosting-servers-hacked-by-tiger-mte-blast-affected/
[2] http://blastmagazine.com/the-magazine/technology/tech-news/computers/inmotion-hosting-apologizes-says-it-understands-method-used-by-tiger-mte/
w***@ccs.neu.edu
2011-09-26 15:57:14 UTC
Permalink
Larceny's main web site ( http://www.larcenists.org/ ) should be
back to normal now.

As a precaution, the larcenists.org site continues to be mirrored
at

http://www.cesura17.net/~larcenists/

Once again, I thank Marijn for reporting this problem.

Will

Loading...