RealTime IT News

Blog Site Blogger.com Clogged

Blogger.com, a popular Web site for online personal journals, was hacked Friday morning, causing the site to go offline for several hours.

According to Evan Williams, Blogger.com president and CEO, the hacker used a known vulnerability in Linux Red Hat to bypass the company's security measures, though he said he doesn't think the attacker was able to gain root server access to the machine.

Officials shut down the site at 9 a.m. PST and resumed service at 11:30 a.m. PST. Blogger.com has two FTP servers, the one compromised was patched and put back online.

Once inside the site's file transfer protocol (FTP) database, the hacker was able to change every member's upload password and @blogger.com e-mail address to either "hacx0redbyme" or "hax0redbyme."

"Nobody's credit card information or FTP login information was taken," Williams said, minimizing the extent of the break-in. "We just patched up the machine that had access to the database."

Blogger.com officials took the site down soon after the attack with a brief apology saying they were down for repairs posted on the Web site's home page. A couple hours later, the site was back up and running and its status page briefly ran the following message:

"Blogger has suffered a security intrusion by a "haX0r." We have all the data that was changed backed up within a couple hours of the attack, so we can have things pretty much back to normal soon. Of course, we're assessing the situation as thoroughly as possible to make sure it doesn't happen again. Also, if you store your FTP login information in Blogger, it wouldn't hurt to change that on your server-though it is unlikely that information was accessed. Sorry for the inconvenience."

Blogger is a popular freeware application, letting Internet users to create their own Web blog after registering at the site free of charge.