I figure it’s been a little bit, so I’ve gone ahead and decided to update the XCache installer for version 1.3.0, and my favorite control panel, cPanel.

This is incredibly easy to do and should get a basic/barebones XCache installation up and going fairly quickly on your CentOS + cPanel machine.

First, let’s grab our XCache sources…

cd /usr/src/
wget http://xcache.lighttpd.net/pub/Releases/1.3.0/xcache-1.3.0.tar.gz


Now, go ahead and unarchive the source, and change into the XCache build dir…
tar -xzvf xcache-1.3.0.tar.gz
cd xcache-1.3.0


Let’s prep our sources for the current PHP ecosystem…

root@SERVER [/usr/src/xcache-1.3.0]# phpize
Configuring for:
PHP Api Version: 20041225
Zend Module Api No: 20060613
Zend Extension Api No: 220060519


Now that should have gotten everything sorted with our sources so the XCache install is ready for our PHP version and environment, Let’s go ahead and kick off the build! Keep in mind, this build should be fairly fast and lightweight.


./configure && make && make install

The above line basically says “Run configure, if that is successful w/o errors, run a make, and if that finishes w/o error, run the install”. Once this is complete, you should see a line that says something like the following…

Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

This is going to be where our xcache.so file is located, however when cPanel builds your php.ini file, it’s going to have that set already. So getting the base module loaded is as simple as running the following command.

echo "extension=xcache.so" >> /usr/local/lib/php.ini

After that, you should be able to do a quick check of the PHP CLI and verify that it loaded properly with the ‘php -v’ command…

root@SERVER [/usr/src/xcache-1.3.0]# php -v
PHP 5.2.13 (cli) (built: Jun 16 2010 09:27:33)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
with XCache v1.3.0, Copyright (c) 2005-2009, by mOo


And there you go, you can safely restart Apache now and you should be serving cached content. Please keep in mind, you’ll need to configure your XCache setup to ensure everything is working properly, all we’ve done here is install the base module.

I’d suggest taking a look at our other article regarding the tuning of XCache for a bit more information on this.

Wow.  That’s all I can say.  T-Mobile is hacked BIGTIME and from the looks of things, I’d say they knew about it.   Typically in these sorts of situations, the hackers will contact the company they just owned and try to buy their silence.  Now, if the company refuses, then that data gets shopped around.

Now, if there’s no buyer after that, the hacker isn’t just going to walk away, especially on a large scale hack like this.  They’re either going to A: Auction your data off to the highest bidder, or B: Publicly release it for the fame/glory/etc.

I think the biggest thing that concerns me about this, being a T-Mob customer and all, is that even after being contacted by the hackers (assumed at this point), I’ve seen ZERO notice from T-Mobile about this.   Given the scale of their operations, and the control they have over your private data, this is quite concerning.

Let’s think about this for just one second, here’s a bit of info T-Mobile has on you…

• Full Name
• Home Address
• Phone Number
• Answers to private security questions (commonly reused by people from site to site)
• Social Security Number
• Birthdate
• Credit Card Number
• Credit Card Expiration Date
• Credit Card CCV Value (possibly, vendors aren’t supposed to store, but you never know)
• Billing address if it differs from your Main acct address.

Now, that’s just the billing info alone, and if they hackers do have root access on the machines in that URL above, which contains quite a few billing machines, we can assume they have this data in some form.  Let’s look at the other data they have on you…  Here’s where things start to get even freakier than simple credit card fraud and identity theft potential of the situation.

• Your Phone Number
• Your Phones IMEI (numerous repercussions from this)
• Your Call History (Inbound and Outbound)
• Radio Tag Number
• GPS Tag (Yes, your phone has a GPS/Cell location unit.   Yes it can be used to track you without your knowledge)
• Text Message History (inbound and outbound)
• Email History
• Access to your cam-phone pictures (most phones upload and store these online now)

Now, the above list is all stuff that your cell provider logs and tracks.  We know this, it’s public knowledge, etc.  Let’s go ahead and put on the SUPAR BIG tinfoil hat now…   With the advent of government pushes into call logging/tracing/information tracking, we know for a fact that several of the big telcos already record phone calls, fully log all data communications, and have active taps on all of this information.

As more or less of a mental exercise, what do you think the repercussions from this hack look like now?   How far did the intrusion go, and what is the extent of the data turnover?

Spooky, isn’t it.  The even spookier part is that I doubt we’ll ever get a public acknowledgment from T-Mobile regarding this intrusion, any turnover of customer data, nothing.

If you don’t want to end up like T-Mobile, it might be time to look into a proper security audit of your network.
serveradmins.NET