PowerCum

As all you know, the hacking competition was about to start tomorow. Unfortunately, some people have decided to start it before.

Here are some of the results:

http://zone-h.org/en/defacements

Let the games begin!

__________________
CjOverkill Traffic Trading Script
Free, secure and fast traffic trading script. Get your copy now

Theo

i challenge these punks to hack my domain www.sleazydream.com

they cant,they all suck

KRL

OMG - fucking unreal.

__________________
If you would like to develop your domains, you can lease inexpensive foreign labor
from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!
*** *** *** *** *** *** *** *** *** *** *** ***
Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

Dildozer

i wish they'd deface something of political value

__________________
Spam link here

Brown Bear

Those sites are booooooring!

__________________
Surrender all your independent thinking and Click Here for re-programming.

VideoVoyeur

Unless I actually SEE a site defaced, or its on the national news I dont believe shit.

Too many kids will screenshot a site and then go into adobe photoshop and say they defaced it.


Fuck that I want to know its real...

VideoVoyeur

http://www.embavenez.cl/

that site was supposedly hacked, go look at it, all the retard did was make comments on the comment voard heh...

Dildozer

the ones at the top were working well and were really defaced

__________________
Spam link here

VideoVoyeur

BTW thats the Embassy of Chile, I dont think its been hacked 8))

VideoVoyeur

that one was at the top of the list man.

Here, lets go both signup at it, and then post that we hacked it... Think they'll believe it?

KRL

Go to http://www.CoolPetSites.com and then click some of the links on the left for site sections. They've been defaced.

Awful. Just awful. The Net was not meant for this.

__________________
If you would like to develop your domains, you can lease inexpensive foreign labor
from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!
*** *** *** *** *** *** *** *** *** *** *** ***
Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

VideoVoyeur

People who hack well, dont post messages on a board, now lets see someone hack GFY and when you come here all you see is a black screen with someone who wrote

"FUCK YOU" in 12 size font...


All that guy did was post on their bulletin board, hell, I can do that too...

VideoVoyeur

Yea, see thats a real defacement, not some idiot posting on a board heh

Theo

i defaced zillion sites back in 99 without even having amazing skills. You cant imagine how many of them had the standard frontpage password.

VideoVoyeur

That LinuxO guys hasnt defaced shit hes just finding sites with boards and saying that posting is defacement heh

PowerCum

Well, the real competition is tomorow.

There are some other groups that will join the fun tomorow. And there are at least two groups that have at least a 250 sites pool (per group) ready to be defaced... but this will be tomorow I think

As the contest involves mainly web page change, I think it will not harm very much.

__________________
CjOverkill Traffic Trading Script
Free, secure and fast traffic trading script. Get your copy now

ServerGenius

No harm done? Any hack causes damage and a shitload more
than the hacker imagines....white hat, black hat it's all the same.
When a box is being compromised it costs money. The box needs
to get cleaned/reinstalled because who assures the victim that
only his webpage has been defaced? This costs time, money,
causes bad publicity, damages reputation and often causes
people to lose their jobs. Now please explain me once more that
there is no damage being done defacing a webpage

DynaMite

__________________
| http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho |

NetRodent

It isn't a hacked box that costs money, its a hackable box. A defacement is merely a wakeup call. Would you prefer to have real security or the illusion thereof?

__________________
"Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats."
--H.L. Mencken

PowerCum

I meant that the contest does not contemplate server data destruction (something like rm -rf /*).
Also, I don't give a fuck if someone loses his work because he does not protect the servers he administrates. There has been long time discussion about this. My personal opinion is that if the admin is unable to make the convenient upgrades, fixes and a decent config he does not have to work as an admin.
Now is when you jump ad say something like "you cannot protect yourself from 0day (zero day) exploits". This is wrong too, you can if you know how does a program, system and CPU work at low level. Also you can make lots of configs that will minimize the attack. Antd if you are skilled enought, you can completely disable any kind of overflow attack (involves system kernel hacking and some performance impact), after that you will only be vulnerable to your own configuration bugs.

About that you have to format the entire box after a defacement... well, if you web server is installed as it must be installed and not just by hitting the rpm package install button or by running ./configure; make; make install, then you would not need to reformat the entire box just because someone changed your home page (if he can do that after a proper setup).

Most admins around just hit the RedHat or BSD install button, then install webmin and some extra tools and forget about the box untill it dies or someone hacks it. Then the admin says something like "damn hackers" without even realizing that his box was vulnerable to bugs reported about 6 months ago. And I am pretty shure the 99%, just because I don't like to say 100%, of the normal servers around that all the companies offer here to host your stuff have a default installation (with default kernel and system setup with all the stability, perfomance and security impacts this carries), and from time to time the admin just hits the update button.

I am linux developer and I also have an maintain my own linux distribution (one of the few linux distros with C2+ compliant security), so I think I know something about how does a standard linux distro look and how does one with a decent setup and config look. Also I am pretty shure some of the admins will be unable to administrate a system with a decent security policy.

If you do not like hackers, that's your problem. I love them. When my system is under a good hacking attack I enjoy looking on how they do it and the methods they try.

Also if you have a spare box, I recommend you to setup a honeypot and have a look at it, that's the best way to see how do attackers perform and what they usually do on your box.

Of course, In the adult industry the security is almost zero. And when people report security bugs, then they get bashed because they do report a bug. The only thing that you get in exchange is no more security reports about your sites or your products untill some 16 years kid decides to exploit these bugs and have some fun. I talk from my own experience. Some time ago I reported a bug to a TGP script. The author bashed on me and did not fix the bug (even when I provided him with a patch for that specific bug). Of course, the version that bug affected never had an official patch released (it was a free version, but the next version was intended to be paid). Some time after that the author reported that lots of sites using that software were hacked probably using the bug I reported (any 16 years kid with some security knowledge would see that bug). The same bug affected some of the other services this person was offering as it was in the auth scheme he used in his software. All I got were bashes and a bann from him.
Now how do you expect me to report a security bug to you if I find some security flaw into your site or your software? No way, I keep it for me, and share it with who I decide or with the best bidder. No joke here, when someone reports a security bug tell him at least "thank you", after all this person has spent his time reviewing your product.

These hacking contests are good, Think it in this way... you get a free security test on your system.

__________________
CjOverkill Traffic Trading Script
Free, secure and fast traffic trading script. Get your copy now

Xplicit

As long as all they do is make some little homepages changes, who cares?

They're basically showing people what needs to be patched, for FREE.

Pipecrew

why would they deface a site like this?

http://www.ottawacea.com/

loverboy

is there a way to prevent such attack on a Linux/Win2k Server?

MattO

Yea it's interesting how so many of the "defacements" were just shit posted to message boards. Probably sites who never changed their script defaults.

It will be interesting to see in the end the OS battle.

hottoddy

It looks like they only defaced a bunch of lame sites that were already known to be hackable.

MattO

Oh no! This thread is on their "defacements on hold" page!

Shit!

We've been h4x0r'd!!

Damian_Maxcash

As far as I can see.... dont use PHP Nuke

blackmonsters

Too fucking true!!!!
Most hacking can be stopped by adding patches that are published all over the place. But dumb assed arrogant admins that don't know about them call people fuck wads when they actually report it months before they get hacked.

Then they try to email you like "now what was that you were saying before".

At that point do you really give a shit? No! I don't for sure.

__________________
Get paid, get tools, get going with Camsoda

Join Chaturbate get your cut of the pie

PowerCum

Yes, there are several ways.
Of course, all the methods require a skilled admin.
The other method is hiring a monkey to stay 24/7 in front of the server and watch the logs in real time, then deny all the bad connections from the firewall. Most admins do exactly the same that the monkey could do, with the only difference that they cannot even do that efficiently.

If you want some special security setup, then contact me on ICQ 171216535 . I will start with the developement and assembly of the new version of my linux distro in some weeks (perhaps one month, depends on my needs), so if you want some special software to be added don't hestiate in contact me

__________________
CjOverkill Traffic Trading Script
Free, secure and fast traffic trading script. Get your copy now

volante

If someone breaks into your house and paints your living room bright green while you're out, do you say to yourself "Shit! It's all my fault 'cos my security system wasn't good enough"?

PowerCum

If he only paints and does not break things, I would not only say "my security system is a crap and needs to be upgraded" but I also would thank him for showing me that my security system is crap. Also I have seen no one fuckin house security system that lets everyone to enter without even need of a key or special tool.
If your site can be defaced only by using a browser (lots of bugs do not need tools to be exploited), then it's the same as leting your house doors and windows open while you go out, and if your site has visitors, then in comparison a tourist touring service also passes through the street near your house all the time (20k site... 20k tourists passing on the sreet around your house).

Also, I think admins must administrate the servers they are suposed to administrate, and not go out.

How would you feel if you knew that your bank computer systems are vulnerable to security bugs reported 6 months ago but their admins do not give a fuck and don't patch them, so anyone could access to your bank account and transfer a random amount of $$$ to his own account?
If you have a server that hosts you, it's not very different, after all that server makes the money (or helps to make it) you get in your bank account.

__________________
CjOverkill Traffic Trading Script
Free, secure and fast traffic trading script. Get your copy now

volante

What's your address?

PowerCum

What's your server?

Also I prefer some light blue or white paint.

My address is on some theread here on GFY... dig and you'll find it.

__________________
CjOverkill Traffic Trading Script
Free, secure and fast traffic trading script. Get your copy now

lEricPl

Linux (59.3%)

Win 2000 (18.5%)

FreeBSD (11.1%)

Unknown (7.4%)

AIX (3.7%)





Windows Hater? -