Mail & Guardian Online website offline after hacker attack

I sympathize with the MG Online. Certainly not pleasant to face these attacks, and wastes so much time to fight it. Not much different from normal crime people face in South Africa :(
 
They gained *root* access? Ouch, that doesn't sound like a very secure setup.
 
I noticed a lot of people were trying to hack my server via SSH. Almost three times a day, IP addresses of the attackers were from China and some East European countries. But I block SSH now and since then no troubles.
 
I do not think mg.co.za was targeted by the hackers.

MG is hosted in the US on UltraDNS.net.

About 2 years ago UltraDNS became the target of a large number of DDoS attacks. Other services, such as Amazon.com and many more, were brought down by the DDoS attacks on UltraDNS.

I just think that MG was in their way and the hackers chose their IP and attacked the server.
 
denyhosts is also an awesome app

denyhosts.sourceforge.net/


I noticed last week when I tried to access MG that I got Java popping up trying to install something and then Microsoft Security Essentials went crazy trying to block it.
 
They gained *root* access? Ouch, that doesn't sound like a very secure setup.

Netcraft's "what's that site running" shows that until a few days ago they were running a version of Apache that was 2 and a half years old, which implies that they probably don't keep their systems up to date in general, which implies that their IT sucks. Even Microsoft can keep their website up, and Microsoft are not known for having top-notch security. Guys like Google, News24 etc. can keep their sites up.

The fact is ALL websites are continually under attack from hackers. All of them, all the time. Most attacks are automated. If your IT sucks, you will suffer.

Unfortunately it's very hard finding good IT people, especially in South Africa, the quality of the graduates from our universities is *****ing terrible, and the small number of smart folks that manage to come out with skills in spite of how bad the system is, leave for greener pastures overseas.

I don't sympathize with their IT. I do sympathize with Mail and Guardian in that they probably have a hard time finding good IT people, and end up having to rely on morons, 'cos that's the best that's out there.
 
Could have seen this coming! The other day when they had that hack whereby they distributed that spyware (can't remember the details, but it was in a M&G article, lol), I fingerprinted their web server and it was running PHP 5.2.6-ish ... a 2-year-old version, I think... Chances are the Apache it was running on was just as old. Apache/PHP old versions aren't known for being super secure. The only surprise here is that it wasn't hacked earlier!
 
There is always a way. People will always find an exploit etc. Sometimes it could take months.

Technically yes; in practice, no, there isn't really "always a way"; if there was, all major websites would be frequently down from attacks.

99% of hacking uses known exploits, which can be prevented relatively "trivially" by any admin with half a brain by simply keeping all systems up to date, and following bulletins of the latest exploits.

90% of hacking is automated. All sites are continually under attack. If your software is up to date, and you don't have any other obvious stupid holes, you can sleep easy at night, it won't take "months", it will take "indefinitely", because an automated hack targeting a patched exploit can go on for years with no problem - it's not a matter of time, it's a matter of "either you're vulnerable or you're not", i.e. "either the attempt will succeed the very first time, or it will never succeed" (the only type of target hacking attempt that might really go on "months" would be things like brute-force password checks, which can also be easily circumvented by even a half-competent IT admin: Use strong passwords ALWAYS, and turn off password login on services like SSH). It is naive IT admins who see these attempts in their logs and go "oh n0e5 we're under attack!" ... um, nope, it's just some automated script looking for known exploits that you should've patched.

0.1% of hackers actually try to find new exploits, and it's rare to see these be used. Also, if you're worth your salt as an IT admin, newly published exploits won't cause major problems either, because you just keep on top of the patches and go on your way. If the site gets hacked, restore from backup, and continue on your way.

The only hacking that is truly difficult to prevent is those that use unpublished new exploits. That is such a tiny minority, and the people doing that are usually farming their skills out to criminal enterprises. I doubt they care about Mail and Guardian specifically.
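The earlier posts mention SSH password-guessing from a handful of source IPs and suggest denyhosts, and this post notes brute-force password checks are the one attack that keeps running. As an added illustration (not code from the thread or from denyhosts), here is a denyhosts-style tally over constructed sshd log lines: it counts failed logins per source IP, lists the accounts each one guessed, and produces the hosts.deny entries such a tool would write. All hostnames, addresses and log lines are made up.

```python
import re
from collections import defaultdict

# Constructed sample sshd syslog lines; not real data.
SAMPLE_LOG = """\
Mar  3 02:11:01 web sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 02:11:03 web sshd[2101]: Failed password for root from 203.0.113.7 port 51023 ssh2
Mar  3 02:11:05 web sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Mar  3 02:11:08 web sshd[2106]: Failed password for invalid user oracle from 203.0.113.7 port 51025 ssh2
Mar  3 02:11:10 web sshd[2108]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 02:12:40 web sshd[2110]: Failed password for alice from 198.51.100.9 port 40112 ssh2
Mar  3 02:12:55 web sshd[2112]: Accepted publickey for alice from 198.51.100.9 port 40113 ssh2
Mar  3 03:01:17 web sshd[2201]: Invalid user test from 192.0.2.33
"""

# "invalid user" is optional: sshd logs it for accounts that do not exist.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)
INVALID_RE = re.compile(r"Invalid user (?P<user>\S+) from (?P<ip>[\d.]+)")


def tally_failures(log_text):
    """Return (failures per IP, sorted usernames tried per IP)."""
    failures = defaultdict(int)
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line) or INVALID_RE.search(line)
        if m:  # successful logins and unrelated lines are skipped
            failures[m["ip"]] += 1
            users[m["ip"]].add(m["user"])
    return dict(failures), {ip: sorted(u) for ip, u in users.items()}


def hosts_to_deny(log_text, threshold=3):
    """IPs with at least `threshold` failures, the denyhosts criterion."""
    failures, _ = tally_failures(log_text)
    return sorted(ip for ip, n in failures.items() if n >= threshold)


def root_guessers(log_text):
    """IPs that tried the root account at all, worth flagging separately."""
    _, users = tally_failures(log_text)
    return sorted(ip for ip, u in users.items() if "root" in u)


def hosts_deny_lines(log_text, threshold=3):
    """Entries in /etc/hosts.deny syntax for the sshd TCP wrapper."""
    return ["sshd: %s" % ip for ip in hosts_to_deny(log_text, threshold)]
```

A single failure from a legitimate user (alice, who then logs in with a key) stays below the threshold, which is why the cutoff matters more than the parsing.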
 
I don't sympathize with their IT. I do sympathize with Mail and Guardian in that they probably have a hard time finding good IT people, and end up having to rely on morons, 'cos that's the best that's out there.

If you can't find someone who can keep your systems patched, you really haven't tried looking hard enough. You don't need "good IT people" for that, you just need someone who's not functionally retarded and who doesn't try and eat the keyboard keys, thinking they're sweeties.
 
Chances are the apache it was running on was just as old. Apache/PHP old versions aren't known for being super secure. The only surprise here is that it wasn't hacked earlier!

Yup. Their Apache was 2 and a half years old. WTF.
 
This might not have occurred to some of you, but the attacker always has more time vs. the defender of a site.

I could for example spend hours and hours trying to get into myB vs. the IT/sysadmin's time available. There is in the end always a way in and you can only do so much to prevent it.

No system is 100% secure 24/7. You just need to find it and exploit it, even if it means a little social engineering to get in...

Edit:
One would think that the practice of honey potting is still being used by some at least?
 
Ouch! I hope they get things sorted soon. One of the better local news sites, imo.
 
Good idea to run Apache and PHP in a chroot jail too.
That way even if you do get hacked the hackers don't get root access.
 