A few days ago I noticed someone defaced the part of my server that’s also running this weblog. As I didn’t have the time to really get into it, I removed the defaced part, updated all of my software and assumed the rest would be OK.
It wasn’t. I just found my server giving me a 403 “forbidden” error, because the /var/ dir was set to be editable and read only by root and, more concerning, it was setuid root. This was also the case for /tmp, causing mysql to die.
All of this is definitely not supposed to be, so I’m taking it all offline tomorrow and serving static pages meanwhile. Sorry for the inconvenience :)