friend: i got hacked last night ;-)
friend: fun fun
friend: one of my boxes, defaced ~130 frontends (user sites), about 2500 backends
skullaria: oh shit
skullaria: I wanna see
friend: defaced
friend: well you can see mirrors
friend: but i already fixed it all up
skullaria: show me
skullaria: was it a pain? how do you know they weren't backdoored?
friend: total defaced time was about 15 mins for most accounts
friend: checked backdoors, found a couple irc bouncers and a rootkit that was never used.
skullaria: dude, that sucks. How?
skullaria: what os?
skullaria: any one in particular?
friend: server was banging away (dos) at another server within ti's subnet but it wasn't mine. cleared that up
friend: redhat, it was a fuckin cgi exploit
friend: i was fully patched up , kernel etc.
skullaria: damn
skullaria: what kind?
friend: http://www.zone-h.org/en/search/what=wrestle/

Cause:guestbook cgi, and h.cpp
>> the only commonly availlbe exploit so far for this cgi bug locks onto 44464 only
>>everything up there in that range should have been blocked anyway