TL;DR : I got hacked. Fixed it quick. Got cool new toys from the hacker in the process.
One of the pages I hosted for some friends (a Cub Scout pack page that had long since expired…) had an unsecured file. Total oversight, it was an old version of WordPress and it left a password in plain text, for a user that had superuser mysql rights. That account was compromised, and that compromised the entire mysql db, obviously. So, I took down wordpress on this page to allow for cleanup. I am planning on moving this page to AWS in the very near future, but I just hadn’t gotten around to it.
Back in November, someone did a clever scan, and found it. Clever, becaus ethe site isn’t even running. The DN had long since expired with the registrar. I guess they got the IP from an old cache page or something.
They were sending out phishing scams for itunes.fr for a few hours. I shut it down, but in the process, found that the hacker had uploaded their hacking toolkit. So, long story short, I got some cool tools that I never would have found on my own to security test. Now I can run them against my servers and feel fairly confident that all my shit is squared away. And maybe have some fun at someone else’s expense