Rock on guys! Everything will go back to normal (or even better - new,
better web page), looking foreward to watch wormux respawn :D.
2009/8/8 Matthieu Fertré <matthieu.fertre@...>
> As you probably knows, www.wormux.org website is currently closed
> because of an intrusion. Wormux website was used to promote and sell
> warez softwares. It was used to send mails and also to host web pages.
> No damage has been done visibly on the website, but we do not know yet
> how intruders enter and if they have accessed to the database. That's
> why we have decided to protect access of the website through .htaccess.
> Since the beginning of the week, we have made copies of the full ftp and
> database contents, we have also made a static copy of the wiki using
> We have discovered the following:
> - directory www/php/soft was created the 29 Jan 2007 and contains 2
> files: index.php and style.css. Both files was php files. Index.php made
> a require on Style.css that was calling a obfuscated php file stored in
> - Other files in www/php/cache/.cache/ are html encrypted files. Most of
> the files in this directory were modified on 14 July 2009, without using
> a ftp access.
> Lami, the first programmer of Wormux and the domain name owner, is
> currently inspecting all the files to find who is/are the intruders.