Hacker Alert!

  • Lacrosse Boy
    Senior Member
    • Jan 2003
    • 365

    Hacker Alert!



    I am all backed up and updated on EVERYTHING.
    | DiscBurn | CD & DVD Replication services, film and VHS to DVD, and duplication equipment
    |
    Disc On Demand | Short-run CD & DVD duplication... all online.
  • IDN
    Senior Member
    • Apr 2002
    • 4030
    • 3.5.x

    #2
    Ah, hope it doesn't become too bad
    Running vB since 4-14-2002

    Comment

    • Mephisteus
      Senior Member
      • Aug 2002
      • 494
      • 3.7.x

      #3
      The purported "prize" for participating hackers was 500-megabytes of online storage space, which made little sense to computer experts. They said hackers capable of breaking into thousands of computers could easily steal that amount of storage on corporate networks.
      come on, they could give 5 cent as a price, the hackers do it because they like it. Besides, most of them are prolly script kiddies... real hackers are hired to check the vulnerability of corporate servers. Hackers are now thought of as scum of the earth, and I don't like that
      A bullet may have your name on it, but shrapnel is addressed "to whom it may concern"

      Comment

      • DirectPixel
        Senior Member
        • Jan 2002
        • 4703
        • 3.5.x

        #4
        /me takes off his red hat and puts on a black one.
        :)

        Comment

        • Babylon
          Senior Member
          • Feb 2002
          • 331

          #5
          Originally posted by Lacrosse Boy
          http://www.siliconvalley.com/mld/sil...ey/6219890.htm

          I am all backed up and updated on EVERYTHING.
          Sounds like fun
          Quids on my websites get destroyed

          Comment

          • TheForumHost.com
            Senior Member
            • Apr 2003
            • 206

            #6
            HACK THE PLANET!!!!!

            Comment

            • TheForumHost.com
              Senior Member
              • Apr 2003
              • 206

              #7
              Unless your site gets millions of hits, You will be ok. Sites that would be targets in something like this would be like M$, sex.com and neopets

              Comment

              • DirectPixel
                Senior Member
                • Jan 2002
                • 4703
                • 3.5.x

                #8


                NeoPets mentioned right after those two. hehehe, *laff*
                :)

                Comment

                • bahbah
                  Senior Member
                  • Dec 2001
                  • 606
                  • 3.8.x

                  #9
                  If you've rooted a large number of boxes - would you want to have your work made obvious and ruined (alerting the admins to your presence) by just defacing websites ? There are far more interesting things to do to a compromised box than that. Defacing websites is such a waste. Like someone above posted, if your site isn't getting a LOT of hits I really wouldn't care less.

                  Comment

                  • TheForumHost.com
                    Senior Member
                    • Apr 2003
                    • 206

                    #10
                    Originally posted by DirectPixel


                    NeoPets mentioned right after those two. hehehe, *laff*
                    *grin*

                    @ bahbah : yeap just as I said, small sites won't matter, but of course logging into ssh and running an -f tail couldn't hurt as you should be monitoring your server anyway.

                    Comment

                    • Dave#
                      Senior Member
                      • Jul 2000
                      • 1845

                      #11
                      Originally posted by TheForumHost.com
                      Unless your site gets millions of hits, You will be ok. Sites that would be targets in something like this would be like M$, sex.com and neopets
                      wrong

                      The type of server to get hacked will be the one with lots of virtual hosts not servers running big sites behind hardware loadbalancers
                      http://forums.cpfc.org/

                      Comment

                      • seanf
                        Member
                        • Jul 2002
                        • 89

                        #12
                        Originally posted by Dave#
                        wrong

                        The type of server to get hacked will be the one with lots of virtual hosts not servers running big sites behind hardware loadbalancers
                        I'd say they're more likely to go for large, high profile sites

                        Sean
                        SitePoint Advisor (seanf)
                        http://sitepointforums.com
                        Harry Potter

                        Comment

                        • Dave#
                          Senior Member
                          • Jul 2000
                          • 1845

                          #13
                          Originally posted by seanf
                          I'd say they're more likely to go for large, high profile sites

                          Sean
                          well you're wrong

                          Zone-H.org statement about the announced defacement challenge

                          SyS64738 - G00db0y
                          07/02/2003

                          Zone-H.org statement about the announced "defacement challenge"
                          We at Zone-H have been informed about the oncoming "defacement challenge", a defacer contest that should happen July 6th in which defacers are challenged to deface as many as 6.000 in the shortest time as possible.

                          It is quite clear, judging by the sharp decrease of the defacement notifications occurred during the last days, that the crackers aren't at the beach but they are rather rooting possible targets without defacing them, so to be ready with a lot of ready-to-be-defaced targets to be used on the contest day.

                          Many news have been written about this contest, many of them they were reporting serious alerts about possible Internet service disruption. Those who wrote or reported such alert are obviously not aware about how a defacement is usually done.

                          Those who have a "trained eye" like Zone-H, when analyzing the text reported on the defacement-challenge website (www.defacers-challenge.com) understood immediately that being the "rules" stating that there will not be any difference when counting a single defacement (single IP) or a mass-defacement (many domain names on the same IP) and the given time frame will be only six hours, what is mostly going to happen is that a lot of web hosting companies will be hit, instead than single servers belonging to different companies.

                          Due to this, we don't forecast any possible disruption in the Internet service as very little traffic will be generated.

                          In fact, a mass-defacement (even of several thousands domain names) is usually conducted opening a SINGLE connection to the attacked server. Once obtained either root/admin privileges or webserver privileges, a special defacement tool (maybe a perl script) is usually uploaded.

                          This tool reads from the webserver configuration files like httpd.conf and automatically substitutes all the main pages (index.html etc) of the hosted websites with the defaced one, doing the job of defacing thousands of websites in a matter of seconds.

                          Judging by the "rumors", we at Zone-H are forecasting an amount of attacks starting from anywhere around 20.000 and up.

                          As usual, Zone-H wants to render a service to the community so here is our advice for the sysadmins:

                          Defacers are usually looking for easy targets, mass defacers in a hurry (as they'll be on July 6th) are looking for even easier targets. All the webserver administrators must :

                          - download and apply all the possible official patches released by the software producers

                          - shut down all the unnecessary modules

                          - close all the unnecessary ports

                          - download one of the many vulnerability scanners and run a security check on their own system

                          Administrators managing their own private server shouldn't be concerned more than usual, while administrators who are managing servers of web-hosting companies should be VERY MUCH concerned.

                          It is unlikely that any server will be hacked July 6th. Most of the servers that will be attacked that day are most likely conquered by crackers a few days before the contest.

                          Due to this, the fact that you downloaded and installed the patches and shut down the unnecessary services is not enough. In fact it is very possible that a backdoor/rootkit has been installed by the attacker to prevent sysadmins to ban future access to their servers because of patching.

                          Considering this, we advise all the sysadmins to :

                          - check for any freshly added user in the userlist (shadow file, sam file etc.)

                          - check for any suspicious connection on the open ports.

                          - run a trojan/backdoor checking program.

                          - look for any suspicious shell program

                          We also want to remind that the most recently exploited vulnerabilities used by defacers are in the following packages/services:

                          - Openssl

                          - Samba

                          - Webdav

                          - Frontpage extension misconfiguration

                          - Aix ftpd

                          - Solaris telnetd

                          - Sendmail

                          - Wuftpd

                          - Proftpd

                          - Phpnuke (not for massdefacement but still an ever present one)

                          - OmniBack II

                          - Cpanel

                          We invite all the IT security online magazine to report this article so to better inform sysadmins about possible countermeasures.

                          SyS64738 - G00db0y www.zone-h.org admins
                          http://forums.cpfc.org/

                          Comment
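A defender-side sketch of the checks in the Zone-H statement quoted in post #13, added here as an example and not code from the thread or from Zone-H: it reads the `DocumentRoot` entries from an Apache-style config, records a digest of each virtual host's main page, and flags many pages changing to identical content, plus accounts added since an earlier copy of the user list. `INDEX_NAMES`, the sample config and all function names are assumptions.

```python
import hashlib
import re
from pathlib import Path

INDEX_NAMES = ("index.html", "index.htm", "index.php")  # assumed main-page names
DOCROOT_RE = re.compile(r'^\s*DocumentRoot\s+"?([^"\s]+)"?', re.I | re.M)
# Constructed sample config (hypothetical paths), not taken from any real host.
SAMPLE_CONF = """\
<VirtualHost *:80>
    DocumentRoot /var/www/a
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "/var/www/b"
</VirtualHost>
# DocumentRoot /var/www/old
<VirtualHost *:80>
    DocumentRoot /var/www/c
</VirtualHost>
"""

def document_roots(conf_text):
    """Return every uncommented DocumentRoot path in the config text."""
    return sorted(set(DOCROOT_RE.findall(conf_text)))

def snapshot(conf_text, fs_root="/"):
    """Map each virtual host's main page to its SHA-256 digest."""
    digests = {}
    for root in document_roots(conf_text):
        for name in INDEX_NAMES:
            page = Path(fs_root) / root.lstrip("/") / name
            if page.is_file():
                digests[f"{root}/{name}"] = hashlib.sha256(page.read_bytes()).hexdigest()
    return digests

def compare(baseline, current):
    """Report main pages changed, removed or added since the baseline."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    removed = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    # Several sites sharing one new digest is the mass-defacement signature.
    by_digest = {}
    for p in changed + added:
        by_digest.setdefault(current[p], []).append(p)
    identical = {d: ps for d, ps in by_digest.items() if len(ps) > 1}
    return {"changed": changed, "removed": removed, "added": added, "identical": identical}

def new_accounts(before, after):
    """Account names in the later passwd/shadow-format text but not the earlier."""
    names = [{l.split(":", 1)[0] for l in t.splitlines() if l.strip()} for t in (before, after)]
    return sorted(names[1] - names[0])
```

Take the baseline snapshot and the user-list copy from a known-good state and store them off the server, since an intruder with root can rewrite anything kept locally.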

                          • djnoz
                            Senior Member
                            • May 2003
                            • 206

                            #14
                            yes this is real. one of my host's servers got packetflooded the other day. though the focus is on defacing, hackers are goin crazy man. ddos is very easy to do so expect to see a lot of that too
                            Matt
                            Avatar Generator - The ultimate avatar and banner generation tool. It's a Google Image search mashup.
                            Christian Gaming - A forum for Christians who like video games.

                            Comment

                            • TheForumHost.com
                              Senior Member
                              • Apr 2003
                              • 206

                              #15
                              T-Minus 1 hour and 42 minutes

                              Comment
