Webby award winning porn site Stileproject.com was hacked yesterday. The culprit identified himself as Fluffi Bunni, the same hacker who defaced both the Sans Institute and Sourceforge a few months ago. He left a calling card featuring a pink fluffy rabbit.

Although Jonathan Biderman, the site's owner, said originally that he would kill off Stileproject after the hack, he seems to have got a backup version up and running.

"My head sank into my stomach as I knew that something really, really bad had happened," he said. "The other day someone was telling me about this new FreeBSD exploit that lets people get root access on the server and do whatever they want with it. Looks like I was a victim of that exploit, even though we thought we had it patched."

The hacker exploited a bug in the telnetd Telnet server by expanding data in the telrcv buffer so that it extends out of its fixed boundaries. Exploiting the vulnerability can crash the server, or be used to gain root access to the machine.

The flaw is a remotely exploitable buffer overflow in Telnet daemons derived from BSD source code. The vulnerability affects FreeBSD, BSDI, IRIX, Linux, NetBSD, OpenBSD, Solaris and other machines running telnetd.

An advisory issued by the Computer Emergency Response Team can be found here.