Website Defacement :: !!! GRRRRRR

Tell me about it. Had an attack a while ago. They're lame ass as well. They usually target CMS based sites, like Joomla, because they found an exploit in a particular version of a package, and "Hack" a website with their "awesome" skills. Meanwhile, it is a known exploit that just needs to be patched really.

They list it, as if they've hacked some super secure defence system, but yeah. We had a Joomla website, that had a simple back door that was left open without being aware it was there. Version 1.5.0.3 or earlier, if I remember correctly. Allowed the malicious types to gain access to the backend of the Joomla system, and cause any havoc they like. Backups are awesome things in this regard. Then proceeded to patch the problem.

Turned out, after much research into the attack, said person was merely a script jockey at some Turkish university! One email to IT head honcho, giving him logs of the access etc, and said script jockey was on streets with little to show for his wasted efforts at uni. Apparently a common issue that they deal with at the universities over there.
 
If you leave your front door open, and someone comes and steals all your stuff... who let them in?

These script kiddies go for the low hanging fruit, and as a lazy admin, you were it.
 
Hey daffy

I agree.. I am no admin though... The admin is an overpaid Linux-guru who is currently thwacking away at his shell trying to get all peachy again! He assured me that Linux is more secure than curtains...

* rollz eyes *

Now it is the backup, restore downtime and irritation!!!!!!!!!
 
Have a friend who did Certified Ethical Hacking, it seems very easy to deface/bring down a website. These are lazy f$#^&@ who just want to get a kick out of it. By patching and staying up to date, a vast majority of these attacks will be prevented.
 
Yup Peder...

I concur... WHY?

Same as those inane taggerz out there... give them a can of spraypaint and these little gods go and deface some wall.

Saying nothing.
Not adding anything.
Nothing.

Just a patch of gunk on a wall.

Same with these website nappy-scriptors.

What could the possible gain be??
 
@ Daffy, the door wasn't an admin problem at all, but a programming issue, that was exploited. The patching was not done on the live system, because the patch broke certain functions of the site, and was thus being tested, when the moron used it. We recovered in a matter of minutes!

As to why, I think the website he lists his "kills" on is why. It drives his ego, so he can boast to his friends what a super duper hacker he is. He isn't getting anywhere into my server unless there is another exploit found in the CMS being used. Even then, CMS is sandboxed, so he can't do anything to my server, he can merely deface my website. And that is what backups are for.
 
And what is worse, there are servers and sites out there where it is legal to test your hacking skills. But those servers are probably too difficult for the script kiddies who think they are cool.

Most probably, it's actually sad, all comes down to ego...
 
That's very disturbing!
I am in the process of putting up my first website ever for my business. Quite scared now. Will be a very basic info only thing. Any tips on how to avoid this kind of thing?
 
I am told that there are backups...

* Thwack thwack on the speakerphone *

I am told that the server is being updated and patched

*Thwack thwack thwack on the handset speaker *

I am told that there is no major compromise... but enough to take the whole shebang offline... (for patching)...

I am told a lot of things. I believe not much of what I am told. I can hear a lot of keyboard tip-tapping on the phone though. A LOT of it.

* sighs * at least the email server has been restarted.

Why do we rely so heavily on "this" internet? Why can we no longer function without having access to it? Why can I not just wander off onto the horizon and contemplate cabbages and fings?

*Sighs *
 
Turned out, after much research into the attack, said person was merely a script jockey at some Turkish university! One email to IT head honcho, giving him logs of the access etc, and said script jockey was on streets with little to show for his wasted efforts at uni. Apparently a common issue that they deal with at the universities over there.

I love it :D:D:D:D

Why attack other people's sites to show your alleged skills? I don't get it.

Especially not if you can lose your job because of that.
 
@ Daffy, the door wasn't an admin problem at all, but a programming issue, that was exploited. The patching was not done on the live system, because the patch broke certain functions of the site, and was thus being tested, when the moron used it. We recovered in a matter of minutes!

Ah, so you only left the door open for a few minutes?

That's why people have separate development/testing environments from their production systems.
What you've just been through isn't new, and loads of people have come up with best common practices to make sure these things don't happen...
 
Hey daffy

I agree.. I am no admin though... The admin is an overpaid Linux-guru who is currently thwacking away at his shell trying to get all peachy again! He assured me that Linux is more secure than curtains...

* rollz eyes *

Now it is the backup, restore downtime and irritation!!!!!!!!!

Bwahahaha

I love it when lazy admins get pwned :D

Linux is secure, yes, but only if you have no back-doors or exploits open... Same as Windows.
 
That's very disturbing!
I am in the process of putting up my first website ever for my business. Quite scared now. Will be a very basic info only thing. Any tips on how to avoid this kind of thing?

If it's a very basic info only, then it should be secure (but no guarantees can be given).

Make sure that there is no write access from outside. Also, ensure that you cannot enter bogus links or URLs in the web browser as well.

Keep a current backup of the site - so when the graffiti hits the wall, you can restore in a matter of minutes.

The iffy stuff starts when you have a dynamic site with an SQL back-end (such as wantitall.co.za) as SQL injection is a huge problem.


Smart sysadmins will make use of DMZ and separate the critical services from each other so the hacker will have great difficulty in exploiting a weakness in one service to attack another service.
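
An added example, not part of any post in this thread: one way to act on the "no write access from outside" and "keep a current backup" advice for a static site is to compare the live document root against the known-good backup and list anything changed, added, removed or world-writable. The function names and the sample files built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def audit_site(backup_root, live_root):
    """Compare the live docroot with the known-good backup copy."""
    good, live = build_manifest(backup_root), build_manifest(live_root)
    writable = []
    for dirpath, dirs, files in os.walk(live_root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            # 0o002 is the "other users may write" bit; symlink modes are skipped.
            if not os.path.islink(full) and os.stat(full).st_mode & 0o002:
                writable.append(os.path.relpath(full, live_root))
    return {
        "modified": sorted(p for p in good if p in live and good[p] != live[p]),
        "added": sorted(p for p in live if p not in good),
        "removed": sorted(p for p in good if p not in live),
        "world_writable": sorted(writable),
    }

def demo():
    """Constructed sample: a two-page site with one replaced and one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        for root in (backup, live):
            os.makedirs(root)
            for page in ("index.html", "contact.html"):
                with open(os.path.join(root, page), "w") as fh:
                    fh.write("<h1>%s</h1>" % page)
                os.chmod(os.path.join(root, page), 0o644)
        for page, mode in (("index.html", 0o644), ("upload.tmp", 0o666)):
            with open(os.path.join(live, page), "w") as fh:
                fh.write("constructed change, not from the backup")
            os.chmod(os.path.join(live, page), mode)
        return audit_site(backup, live)

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against the real docroot, a non-empty `modified` or `added` list is the cue to restore from the backup and then find out how the write happened.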
 
Personally I have set up a web server plus FTP server - on a DMZ - for my company, and it never got hacked. It used Linux.

Cue the day when they outsourced it to somebody else - and it got hacked two weeks later (on Windows) :D
 
Personally I have set up a web server plus FTP server - on a DMZ - for my company, and it never got hacked. It used Linux.

Cue the day when they outsourced it to somebody else - and it got hacked two weeks later (on Windows) :D

Windows is easier to use but has so many more loopholes...
 