Mail & Guardian Online website offline after hacker attack
The M&G Online website is now offline in the wake of an attack by Russian hackers
Mail & Guardian Online website offline after hacker attack
Mail & Guardian Online website offline after hacker attack
The M&G Online website is now offline in the wake of an attack by Russian hackers
damn russianssss !$*&^$
I sympathize with the MG Online. Certainly not pleasant to face these attacks, and wastes so much time to fight it. Not much different from normal crime people face in South Africa
I hope they die of vodka poisoning :P
They gained *root* access? Ouch, that doesn't sound like a very secure setup.
i noticed alot of people were trying to hack my server via ssh. almost three times a day, ip addresses of the attackers were from china and some east european countries. but i block ssh now and since then no troubles.
If i was president thier shall be be free unlimited wifi for everyone
There is always a way. People will always find an exploit etc. Sometimes it could take months.Originally Posted by superfly
I do not think mg.co.za was targeted by the hackers.
MG is hosted in the US on UltraDNS.net.
About 2 years ago UltraDNS became the target of a large number of Ddos attacks. Other services, such as Amazon.com and many more were brought down by the Ddos attacks on UltraDNS.
I just think that MG was in their way and the hackers chose their IP and attacked the server.
BlockSSHD
to stop pesky SSH brute-force login attacks.
Christ-mass is NOT for Christians. Jeremiah 10.Is the 10 Commandments for Christians?
Saturday is the Seventh day, Sunday is the first day.
Shmiert Shpammer
Geez, only two good things about Russia, their Brides and Vodka.
denyhosts is also an awesome app
denyhosts.sourceforge.net/
I noticed last week when I tried to access MG that I got java poping up trying to install something and then microsoft security essentials went crazy trying to to block it.
You are an idiot, if you fail to hear the OBVIOUS difference between Third Eye Blind and Blessid Union of Souls you do not deserve to live.
Netcraft's "what's that site running" shows that until a few days ago they were running a version of Apache that was 2 and a half years old, which implies that they probably don't keep their systems up to date in general, which implies that their IT sucks. Even Microsoft can keep their website up, and Microsoft are not known for having top-notch security. Guys like Google, News24 etc. can keep their sites up.
The fact is ALL websites are continually under attack from hackers. All of them, all the time. Most attacks are automated. If your IT sucks, you will suffer.
Unfortunately it's very hard finding good IT people, especially in South Africa, the quality of the graduates from our universities is *****ing terrible, and the small number of smart folks that manage to come out with skills in spite of how bad the system is, leave for greener pastures overseas.
I don't sympathize with their IT. I do sympathize with Mail and Guardian in that they probably have a hard time finding good IT people, and end up having to rely on morons, 'cos that's the best that's out there.
Could have seen this coming! The other day when they had that hack whereby they distributed that spyware (cant remember the details, but was in a M&G article, lol), I fingerprinted their web server and it was running php 5.2.6'ish ... a 2-year old version, I think... Chances are the apache it was running on was just as old. Apache/PHP old versions aren't known for being super secure. The only surprise here is that it wasn't hacked earlier!
Technically yes; in practice, no, there isn't really "always a way"; if there was, all major websites would be frequently down from attacks.
99% of hacking uses known exploits, which can be prevented relatively "trivially" by any admin with half a brain by simply keeping all systems up to date, and following bulletins of the latest exploits.
90% of hacking is automated. All sites are continually under attack. If your software is up to date, and you don't have any other obvious stupid holes, you can sleep easy at night, it won't take "months", it will take "indefinitely", because an automated hack targeting a patched exploit can go on for years with no problem - it's not a matter of time, it's a matter of "either you're vulnerable or you're not", i.e. "either the attempt will succeed the very first time, or it will never succeed" (the only type of target hacking attempt that might really go on "months" would be things like brute-force password checks, which can also be easily circumvented by even a half-competent IT admin: Use strong passwords ALWAYS, and turn off password login on services like SSH). It is naive IT admins who see these attempts in their logs and go "oh n0e5 we're under attack!" ... um, nope, it's just some automated script looking for known exploits that you should've patched.
0.1% of hackers actually try find new exploits, and it's rare to see these be used. Also, if you're worth your salt as an IT admin, newly published exploits won't cause major problems either, because you just keep on top of the patches and go on your way. If the site gets hacked, restore from backup, and continue on your way.
The only hacking that is truly difficult to prevent is those that use unpublished new exploits. That is such a tiny minority, and the people doing that are usually farming their skills out to criminal enterprises. I doubt they care about Mail and Guardian specifically.
Last edited by Tick; 26-01-2011 at 01:31 PM.
If you can't find someone who can keep your systems patched, you really haven't tried looking hard enough. You don't need "good IT people" for that, you just need someone who's not functionally retarded and who doesn't try and eat the keyboard keys, thinking they're sweeties.
Reply With Quote
Bookmarks