Acmlm's Board - I2 Archive - General Chat - wootest.net possible intrusion - temporary downtime | | | |
Jesper Busy, busy, busy. Level: 69 Posts: 426/2390 EXP: 2856000 For next: 13743 Since: 03-15-04 From: Sweden. Since last post: 176 days Last activity: 79 days |
| ||
Just five minutes ago, the BloodBR pages started appearing again, like last time; this time suspiciously close to Drag's account setup. Drag, check your computer for spyware or keyboard loggers. I immediately pulled the cord on wootest.net and it will most likely stay down until tomorrow (about 10 hours from this post and forward). I just installed an intrusion detector a few weeks ago and I will check the logs to see what security holes need to be plugged. I suspect that, as above, this was caused by a keyboard logger or other spyware somewhere, and I'm definitely not excluding my own machine. I'm more and more leaning towards paid hosting from people knowing what they're doing. This includes a dedicated (virtual or otherwise) server, so if enough hostees agree that they could pay a smaller amount every year, that could materialize. I'll keep you posted as events warrant. |
|||
Drag Flurry I don't post anymore! o_O Level: 26 Posts: 144/254 EXP: 98946 For next: 3329 Since: 03-15-04 From: Deogon Vally, Dragon Country Since last post: 316 days Last activity: 44 days |
| ||
I was wondering what was happening when I couldn't upload anything. When and where did the pages start appearing? I tried uploading something around 6:19 (board time) or so. Edit: Well, we know when, but where? I'll need to do a scan, it might have been me. (edited by Drag on 06-12-04 06:27 PM) |
|||
ismannen Koopa Level: 18 Posts: 95/111 EXP: 28584 For next: 1313 Since: 03-15-04 From: tHE InTERNetS! Since last post: 70 days Last activity: 70 days |
| ||
OmFG lol you've been h4Xxx0rd lololololol!111 Otherwise, it's a pain in the ass. |
|||
Jizuko Jiz Is The Magic! This board has run out of mana and can no longer use The Magic Level: 51 Posts: 386/1191 EXP: 1004683 For next: 9255 Since: 03-15-04 Since last post: 230 days Last activity: 213 days |
| ||
God I hate those people that try to be cool by destroying someone else's work. They did it to my school server too, replacing all index files with their shitty ones with that assugly logo they make. Unfortunately, sometimes you don't have backup on all the index files. Do you know where you'd get that hosting jesp, and what can you offer to your clients? Because I'm currently looking for a host, I have found one that looks good for like 160kr for a year but I like to check all options. |
|||
Drag Flurry I don't post anymore! o_O Level: 26 Posts: 145/254 EXP: 98946 For next: 3329 Since: 03-15-04 From: Deogon Vally, Dragon Country Since last post: 316 days Last activity: 44 days |
| ||
I cannot find any spyware nor a keylogger, so it is likely to not be a problem with my machine. What I think we should do is when the server is back up and running, PM me here, and I'll get on aim and contact you. When we do this, you monitor the server for another BloodBR attack, and I'll upload something. If it happens again, then I'll do a deeper scan and use a different ftp program. But if this were a problem with me, wouldn't the bloodbr pages appear in my folder, since that's what I was in when trying to upload? Also, the ftp program wasn't able to upload the file at all. If this were me, it probably would've happened after I uploaded the file. The file was a png image, by the way. Another thing, when this happened before, did you find where it was coming from? I suggest you disallow anonymous connections on your ftp server. I don't know if it was enabled or not, but ensure that it is disabled. I apologize in advance if this turns out to be a problem on my end. |
|||
Jesper Busy, busy, busy. Level: 69 Posts: 428/2390 EXP: 2856000 For next: 13743 Since: 03-15-04 From: Sweden. Since last post: 176 days Last activity: 79 days |
| ||
This attack did not seem to alter any index files but instead rewire them towards the, and I quote, assugly page in question. I haven't been able to check the computer yet, but I just set up a minimal web server on my PowerBook G3. Until the problem is fixed, all web requests (meaning pages or stuff hosted on wootest.net via HTTP) will redirect to that, including 404s, so as to not hold up loads on for example the board. The page states maintenance so we're not giving away details to the fucknut in question. A Google search turned up a DivX forum posting claiming someone that had done research showed it's just a Brazilian amateur. The same thread also says "Every target he has hit has been the softest of the soft targets." which I'm afraid includes my server. I'm seriously considering going back to Windows 2003 Server; not because it's inherently more secure or lightweight, but because I know my way around Windows way better than Linux, I know how to tighten security better on Windows than Linux and Windows 2003 Server has an option to automatically install security fixes as they become available. This will probably be the path I'll take when time warrants (probably being tomorrow, but I'm not guaranteeing it). |
|||
Xkeeper The required libraries have not been defined. Level: NAN Posts: -4106/-863 EXP: NAN For next: 0 Since: 03-15-04 Since last post: 2 hours Last activity: -753366 sec. |
| ||
Listing of recent attacks by BloodBR Hi, wootest.net. Yep, there you are. wootest.net. It seems that almost all of the systems they do that to are on Linux... good luck going to W2003 (edited by Xkeeper on 06-12-04 07:59 PM) |
|||
Jesper Busy, busy, busy. Level: 69 Posts: 429/2390 EXP: 2856000 For next: 13743 Since: 03-15-04 From: Sweden. Since last post: 176 days Last activity: 79 days |
| ||
Originally posted by Xkeeper That's because he's a scriptkiddie. He probably has a set list of exploits that he's abusing for all he's worth (not much). |
|||
Xkeeper The required libraries have not been defined. Level: NAN Posts: -4094/-863 EXP: NAN For next: 0 Since: 03-15-04 Since last post: 2 hours Last activity: -753366 sec. |
| ||
Ah. Well, if there's still access to the database for you, change all the wootest.net links to something else [comment them out maybe? Something, please] because it tends to hang with loading for some reason [never finishes]. Bleh. Maybe replace wootest.net with about:blank or something... least it wouldn't try and load it much. |
|||
Yoshi Dude XKEEPER STOLE MY CAR KEYS Level: 79 Posts: 821/3271 EXP: 4572680 For next: 6787 Since: 03-15-04 From: give me a number folks. Since last post: 3 hours Last activity: 2 hours |
| ||
This guy again.. would it be wise, when you load up wootest again, to backup all files? Would he be able to do worse stuff? Heh.. when people were saying Drag ruined wootest, I thought it was another joke. XD |
|||
Emptyeye Real American Level: 67 Posts: 221/2273 EXP: 2488421 For next: 104451 Since: 05-24-04 From: I DUNNOOOOOOOO!! Since last post: 9 hours Last activity: 4 hours |
| ||
Originally posted by Xkeeper I just find it amusing that Linux fanboys are all "LOL @ WINDOZE IT R TEH SECURITY FKitten Yiffer!!1!" when Linux comes out of the box more open than Britney Spears's...um...box. And I don't think it's an "exploit" so much that Linux, as I mentioned, comes wide open out of the box, and he's probably taking advantage of that. |
|||
JDavis Trick or Treating Local Mod Affected by 'Halloween Syndrome' ++ Level: 44 Posts: 119/815 EXP: 568676 For next: 42609 Since: 03-15-04 From: Ada, Oklahoma, USA Since last post: 5 hours Last activity: 4 hours |
| ||
Of interesting note, in his recent attack on primetimetv.net he left, instead of the assugly page, a simple text message including his email, bloodbr@hackermail.com. Email spam, away! |
|||
Drag Flurry I don't post anymore! o_O Level: 26 Posts: 146/254 EXP: 98946 For next: 3329 Since: 03-15-04 From: Deogon Vally, Dragon Country Since last post: 316 days Last activity: 44 days |
| ||
Well, I'm hoping all of this means that I didn't fark up wootest. ...WHO said I ruined wootest?!? Seriously, I'd never intentionally ruin wootest in my life. Well, if it's easier for you, definitely go Windows. At least you'll be able to secure stuff. (Hopefully my account will still be there.) People who hack like this must be compensating for something. Good luck on all of this stuff. (I'm still hoping that it was just a coincidence that it was suspiciously close to my account creation time.) |
|||
Xkeeper The required libraries have not been defined. Level: NAN Posts: -4092/-863 EXP: NAN For next: 0 Since: 03-15-04 Since last post: 2 hours Last activity: -753366 sec. |
| ||
Compensating for something? Intelligence, maybe? |
|||
Craig3410 Paragoomba Level: 15 Posts: 30/76 EXP: 16178 For next: 206 Since: 03-16-04 From: Fayetteville, AR Since last post: 4 days Last activity: 4 days |
| ||
I'm thinking "luck with women". But that's just me. Doing a Google search on his name, it seems like he does this just for the hell of it and after one time, it's back to normal. Looking at the Zone-H page, it seems about 95-98% of his attacks are on Linux. If you're thinking of switching from Linux to Windows, do it, but if you're doing it just because of this, it doesn't seem worth it. (edited by Craig3410 on 06-12-04 11:53 PM) |
|||
Colleen Administrator Level: 136 Posts: 1914/11302 EXP: 29369328 For next: 727587 Since: 03-15-04 From: LaSalle, Quebec, Canada Since last post: 3 hours Last activity: 1 hour |
| ||
Aiyiyi, and just as I was starting the great Euro 2004 diary too... I'll just save stuff in a .txt file for the time being. No worries, Jesper - I totally understand. And if you decide on hosting, I'll send a money order or something to you ASAP. |
|||
HyperLamer <||bass> and this was the soloution i thought of that was guarinteed to piss off the greatest amount of people Sesshomaru Tamaranian Level: 118 Posts: 952/8210 EXP: 18171887 For next: 211027 Since: 03-15-04 From: Canada, w00t! LOL FAD Since last post: 2 hours Last activity: 2 hours |
| ||
Originally posted by Drag Something in their pants. By 'check for keyloggers' did you mean people who had FTP access, or people who visited the page? If they use IE, the page could have downloaded one to their system. |
|||
FreeDOS Lava Lotus Wannabe-Mod :< Level: 59 Posts: 512/1657 EXP: 1648646 For next: 24482 Since: 03-15-04 From: Seattle Since last post: 6 hours Last activity: 4 hours |
| ||
Most people who crack Linux boxes do so because they exploit system administrators, not Linux itself. Linux is extremely secure. Unfortunately, it cloned UNIX a little --too-- much in the sense of default security flaws. Open root accounts that go unnoticed by many, for example. I'm not saying that Linux is perfect and uncrackable when all proper measures are taken, of course. Because it's not. |
|||
Jesper Busy, busy, busy. Level: 69 Posts: 430/2390 EXP: 2856000 For next: 13743 Since: 03-15-04 From: Sweden. Since last post: 176 days Last activity: 79 days |
| ||
Originally posted by HyperHacker You mean something NOT in their pants. Originally posted by Drag I mean anyone that logged in recently. If I had a hole in any system-critical process you could theoretically log in over SSH (which is disabled now) with the stolen password and gain access somehow. Originally posted by FreeDOS "Linux is extremely secure." And so's Windows 2003 Server (with current hotfixes applied, of course) and Mac OS X Server. What's your point? An OS can only be so secure "out of the box". A good OS will let you mess around and will inevitably lead to you opening up MORE holes. This is probably what happened with my box. I'll start up the box now and look what's been damaged. If it turns out that something critical is changed - such as the root password - and I can't repair it (I should be able to) - I'm afraid there will be more downtime as I'll reinstall this shit again (or switch to Windows). Otherwise, I'll continue to use the current setup as SSH is now blocked from the internet. It'd now be theoretically IMPOSSIBLE to get in over the internet unless some other security hole was opened. |
|||
Wyv Shyguy Level: 16 Posts: 35/87 EXP: 18530 For next: 1726 Since: 05-30-04 Since last post: 467 days Last activity: 339 days |
| ||
How is that page ass ugly? That TV thing is actually really sweet looking. |