
Icerocket Blows Up

Icerocket is one of the cooler blog tracking sites, and today it is throwing errors that can give a hacker some cool intelligence about how the site is built. Errors shown on screen give up a lot of information about how the web site is configured and where some of the more interesting files can be found in the web site's file structure. The errors this morning at Icerocket are centered around the user and db PHP files, which, if they did not set the security on their system right, could allow some interesting poking at their PHP framework.

A company should never let its PHP installation throw errors to the user's screen; this is one of the major ways that hackers can work out how to worm into a system.

Essentially, they are having lockups connecting to their MySQL database. Below is a copy of the errors posted.

Warning: mysql_connect(): Host ‘l34.icerocket.com’ is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts’ in /home/webhosts/tracker.icerocket.com/include/db.php on line 11
Host ‘l34.icerocket.com’ is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts’
Warning: mysql_query(): Can’t connect to local MySQL server through socket ‘/tmp/mysql.sock’ (2) in /home/webhosts/tracker.icerocket.com/include/user.php on line 116

Warning: mysql_query(): A link to the server could not be established in /home/webhosts/tracker.icerocket.com/include/user.php on line 116

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/webhosts/tracker.icerocket.com/include/user.php on line 117

Warning: mysql_query(): Can’t connect to local MySQL server through socket ‘/tmp/mysql.sock’ (2) in /home/webhosts/tracker.icerocket.com/include/user.php on line 116

The kind of information that this gives out:

They use Linux, they use MySQL, and they use the standard MySQL socket. The errors give path information to user.php and db.php. The cool part is that if you try to pull the pages directly, they are not directly addressable via someone's browser. That does not mean that you cannot use Wget to grab the files, though.

Host name: 'l34.icerocket.com'. Depending on how it can be addressed, it might be an internal or external host name that can be somewhat crawled to determine the backend infrastructure of the company. Their security will determine whether this is a viable way to map out their network.

Since they use PHP, they could have changed their PHP INI file so that errors are not output directly from PHP to the screen. Errors can be dumped into an error file instead, which is highly recommended for system administrators. You can program a nice error message in its place that says what the company wants to say, rather than some nifty errors that allow a hacker to get some interesting intelligence via error screens.
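A check a site owner could run over their own pages' response bodies to catch this kind of leak, as an added example that is not part of the original post. The function names and the HTML wrapping of the sample are assumptions; the warning text comes from the errors quoted above.

```python
import html
import re

# PHP's on-screen diagnostics follow "<Level>: <message> in <file> on line <n>".
PHP_DIAG = re.compile(
    r"(?P<level>Warning|Notice|Deprecated|Fatal error|Parse error):\s+"
    r"(?P<message>.*?) in (?P<file>/\S+?\.php) on line (?P<line>\d+)"
)
QUOTED_HOST = re.compile(r"Host ['‘]([A-Za-z0-9.-]+)['’]")
SOCKET_PATH = re.compile(r"socket ['‘]([^'’]+)['’]")
TAGS = re.compile(r"<[^>]+>")

# Constructed sample: two warnings from the post, wrapped in HTML markup.
SAMPLE = """<html><body>
<b>Warning</b>:  mysql_connect(): Host 'l34.icerocket.com' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts' in <b>/home/webhosts/tracker.icerocket.com/include/db.php</b> on line <b>11</b><br />
<b>Warning</b>:  mysql_query(): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2) in <b>/home/webhosts/tracker.icerocket.com/include/user.php</b> on line <b>116</b><br />
</body></html>"""


def find_leaks(body: str) -> dict:
    """Return what a response body discloses through PHP diagnostics."""
    # Strip markup and decode entities so the plain message text is matched.
    text = html.unescape(TAGS.sub("", body))
    report = {"files": set(), "functions": set(), "hosts": set(), "sockets": set()}
    for m in PHP_DIAG.finditer(text):
        report["files"].add((m["file"], int(m["line"])))
        fn = re.match(r"(\w+)\(\)", m["message"])
        if fn:
            report["functions"].add(fn.group(1))
    report["hosts"].update(QUOTED_HOST.findall(text))
    report["sockets"].update(SOCKET_PATH.findall(text))
    return report


def is_leaking(body: str) -> bool:
    """True if any category of disclosure was found in the body."""
    return any(find_leaks(body).values())


if __name__ == "__main__":
    for category, values in find_leaks(SAMPLE).items():
        print(category, sorted(values))
```

A body that trips `is_leaking` means errors are still being written to the screen instead of to an error file.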
