Omega Owners Forum
Chat Area => General Discussion Area => Topic started by: JamesV6CDX on 15 February 2010, 12:25:41
-
As some may know, I work in a web team (at the moment!)
We have a web server, at an ISP, hosting a number websites.
We have been compromised. a message on one of the sites, is - "hacked by muslim defacer" with a big skull and crossbones etc.
Looks like I'm in for a barrel of fun back at work - thankfully the server (incl security!) is managed by an ISP, so it doesn't fall on me to fix it...
-
As some may know, I work in a web team (at the moment!)
We have a web server, at an ISP, hosting a number websites.
We have been compromised. a message on one of the sites, is - "hacked by muslim defacer" with a big skull and crossbones etc.
Looks like I'm in for a barrel of fun back at work - thankfully the server (incl security!) is managed by an ISP, so it doesn't fall on me to fix it...
Which imo probably translates to "hacked by someone trying to stir up trouble - and blame the Muslims".
An anti-Muslim hacker.
-
Never good, I am still fighting off various port scan attacks.
Just becasue the page says he's muslim doesn't mean that he/she is, could be someone just wanting to either stir up antogonism or throw people off his scent should they come looking....
Just a thought.... ::)
-
As some may know, I work in a web team (at the moment!)
We have a web server, at an ISP, hosting a number websites.
We have been compromised. a message on one of the sites, is - "hacked by muslim defacer" with a big skull and crossbones etc.
Looks like I'm in for a barrel of fun back at work - thankfully the server (incl security!) is managed by an ISP, so it doesn't fall on me to fix it...
Which imo probably translates to "hacked by someone trying to stir up trouble - and blame the Muslims".
An anti-Muslim hacker.
I'm not really questioning who has done it and for what reasons (too much of a minefield)...
.... just letting off steam that I will have to do some work ;D
-
As some may know, I work in a web team (at the moment!)
We have a web server, at an ISP, hosting a number websites.
We have been compromised. a message on one of the sites, is - "hacked by muslim defacer" with a big skull and crossbones etc.
Looks like I'm in for a barrel of fun back at work - thankfully the server (incl security!) is managed by an ISP, so it doesn't fall on me to fix it...
Which imo probably translates to "hacked by someone trying to stir up trouble - and blame the Muslims".
An anti-Muslim hacker.
I'm not really questioning who has done it and for what reasons (too much of a minefield)...
.... just letting off steam that I will have to do some work ;D
Aah work, work work work work. I could sit and look at it for hours (© Mark Twain or somebody ...)
-
Never good, I am still fighting off various port scan attacks.
Just becasue the page says he's muslim doesn't mean that he/she is, could be someone just wanting to either stir up antogonism or throw people off his scent should they come looking....
Just a thought.... ::)
Are there any decent programs out there to monitor port access/attacks.
Yes I have my neighbers PC back, she bought a 3G dongle with an idea that it may log on with a different IP addy each time, she used it once and as she predicted she cant get online with it anymore. So am now wanting to monitor any possible access to her PC.
TIA. :y
-
Skruntie, a colleague at work mentioned something for this very purpose which is well rated - I will try and find out tomorrow for you :y
-
it beats me why people with the nowse to do this dont do something more constructive and productive for themselves..
-
it beats me why people with the nowse to do this dont do something more constructive and productive for themselves..
They do it for financial gain. One of the port scanners got in once and did the whole your computer is infected thing. Got rid of that and renewed by IP address.
@ Skruntie, unfortunately often the best way of defending yourself is to learn about hacking yourself. That way you can arm yourself when these kids try it on. I am a member of various Ethical Hacking Sites and I have access to tools which could be used against these kids. Alas ethics deny my that satisfaction, I am only allowed to hack my own networks :'(
-
Skruntie, a colleague at work mentioned something for this very purpose which is well rated - I will try and find out tomorrow for you :y
Very much appreciated James, any software that can help stop access to her machine may be of use. She has a bucket load of problems which may possibly even include her mobile and landline phones. She has been to the police several times but they are not interesyed, and will only pursue if she can get proof.
It does look like activity has taken place, but looking at log files at times seems to mean nothing unless you unstand what is written on them and of course what has written then, plus they may not be anything at all to do with be compromised.
-
If it was a Muslim, would that make them a Makkah Hacker?
-
I got banned from a muslim clothing store today......Dunno what the problem was?....All i said was do you sell bomber jackets???
I`ll get me coat..... :P
-
Skruntie, a colleague at work mentioned something for this very purpose which is well rated - I will try and find out tomorrow for you :y
Very much appreciated James, any software that can help stop access to her machine may be of use. She has a bucket load of problems which may possibly even include her mobile and landline phones. She has been to the police several times but they are not interesyed, and will only pursue if she can get proof.
It does look like activity has taken place, but looking at log files at times seems to mean nothing unless you unstand what is written on them and of course what has written then, plus they may not be anything at all to do with be compromised.
If the machine has been compromised then it doesn't matter how it connects to the internet - it will "phone home" as soon as it does and the malicious software will continue as before whatever the IP address, etc.
If you're interested in monitoring this, connect it to the internet via an old-fashioned 10base-T hub (not switch), connect another machine running Wireshark or similar to to another socket on the hub and watch what happens.
Otherwise, just flatten the machine and rebuild.
Kevin
-
Some muppet at our end enabled webdav with no authentication - hence the open pathway in >:(
-
Some muppet at our end enabled webdav with no authentication - hence the open pathway in >:(
Yep, that'd do it. :-X
-
Some muppet at our end enabled webdav with no authentication - hence the open pathway in >:(
Yep, that'd do it. :-X
Not to mention that "everyone" permissions were set on a number of site root folders >:(
Pay peanuts, get monkeys!
-
Some muppet at our end enabled webdav with no authentication - hence the open pathway in >:(
Yep, that'd do it. :-X
Not to mention that "everyone" permissions were set on a number of site root folders >:(
Pay peanuts, get monkeys!
I wonder if this muppet will be in a job by the end of the week? :o
-
Some muppet at our end enabled webdav with no authentication - hence the open pathway in >:(
Yep, that'd do it. :-X
Not to mention that "everyone" permissions were set on a number of site root folders >:(
Pay peanuts, get monkeys!
I wonder if this muppet will be in a job by the end of the week? :o
1) no way of really ID'ing who it was
2) Even if we did - it will be considered a "development need" and they'll get a shedload of training...
-
Some muppet at our end enabled webdav with no authentication - hence the open pathway in >:(
Yep, that'd do it. :-X
Not to mention that "everyone" permissions were set on a number of site root folders >:(
Pay peanuts, get monkeys!
I wonder if this muppet will be in a job by the end of the week? :o
1) no way of really ID'ing who it was
2) Even if we did - it will be considered a "development need" and they'll get a shedload of training...
Hmmm wrap them in cotton wool and hope they never do it again? Sounds like a sensible policy :-X
Mind you thinking about it, depends on how much has already been invested in their future....... ::) ::) ::)
-
I don't write the policies, unfortuntely :P