We got hacked. It's under control, but the cocksucker tagged us during the WWDC keynote, when I was otherwise occupied. We have cleaned up, except we need to replace some vandalized HTML from backup and upgrade some software before the webserver can go back up. Email and other services are working.

For the record, it looks like he used a PHP exploit to execute a file which locally exploited the Linux 2.4.20 ptrace() hole. This means he had a root shell.

What you can do:

• CHANGE YOUR PASSWORD. I don't think they were compromised, but you never know. We have verified that the "ssh" and "passwd" binaries are not compromised, so log in and change it.
• VERIFY YOUR SOURCE. If you have a cvs project, do a fresh checkout and diff it against your existing sources. I don't think this is a problem, either, but safety first.
• PAY IT FORWARD. If you can't raise your kids to not be script kiddie fuckheads, consider birth control.

Again, everything is back up but the web server, which will come back hopefully tonight.

Stay tuned, True Believers.

--The McManagement.