You do not want your site to be on this list

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • PowerCum
    CjOverkill
    • Apr 2003
    • 1328

    #1

    You do not want your site to be on this list

    As all you know, the hacking competition was about to start tomorow. Unfortunately, some people have decided to start it before.

    Here are some of the results:

    http://zone-h.org/en/defacements

    Let the games begin!

    CjOverkill Traffic Trading Script
    Free, secure and fast traffic trading script. Get your copy now
  • Theo
    HAL 9000
    • May 2001
    • 34515

    #2
    i challenge these punks to hack my domain www.sleazydream.com

    they cant,they all suck

    Comment

    • KRL
      Entrepreneur
      • Oct 2002
      • 31429

      #3
      OMG - fucking unreal.
      If you would like to develop your domains, you can lease inexpensive foreign labor
      from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!

      *** *** *** *** *** *** *** *** *** *** *** ***
      Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

      Comment

      • Dildozer
        Confirmed User
        • Jul 2002
        • 7519

        #4
        i wish they'd deface something of political value
        Spam link here

        Comment

        • Brown Bear
          Confirmed User
          • May 2002
          • 4982

          #5
          Those sites are booooooring!
          Surrender all your independent thinking and Click Here for re-programming.

          Comment

          • VideoVoyeur
            So Fucking Banned
            • Jun 2003
            • 2181

            #6
            Unless I actually SEE a site defaced, or its on the national news I dont believe shit.

            Too many kids will screenshot a site and then go into adobe photoshop and say they defaced it.


            Fuck that I want to know its real...

            Comment

            • VideoVoyeur
              So Fucking Banned
              • Jun 2003
              • 2181

              #7
              http://www.embavenez.cl/

              that site was supposedly hacked, go look at it, all the retard did was make comments on the comment voard heh...

              Comment

              • Dildozer
                Confirmed User
                • Jul 2002
                • 7519

                #8
                Originally posted by VideoVoyeur
                Unless I actually SEE a site defaced, or its on the national news I dont believe shit.

                Too many kids will screenshot a site and then go into adobe photoshop and say they defaced it.


                Fuck that I want to know its real...
                the ones at the top were working well and were really defaced
                Spam link here

                Comment

                • VideoVoyeur
                  So Fucking Banned
                  • Jun 2003
                  • 2181

                  #9
                  BTW thats the Embassy of Chile, I dont think its been hacked 8))

                  Comment

                  • VideoVoyeur
                    So Fucking Banned
                    • Jun 2003
                    • 2181

                    #10
                    Originally posted by Dildozer


                    the ones at the top were working well and were really defaced
                    that one was at the top of the list man.

                    Here, lets go both signup at it, and then post that we hacked it... Think they'll believe it?

                    Comment

                    • KRL
                      Entrepreneur
                      • Oct 2002
                      • 31429

                      #11
                      Go to http://www.CoolPetSites.com and then click some of the links on the left for site sections. They've been defaced.

                      Awful. Just awful. The Net was not meant for this.
                      If you would like to develop your domains, you can lease inexpensive foreign labor
                      from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!

                      *** *** *** *** *** *** *** *** *** *** *** ***
                      Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

                      Comment

                      • VideoVoyeur
                        So Fucking Banned
                        • Jun 2003
                        • 2181

                        #12
                        People who hack well, dont post messages on a board, now lets see someone hack GFY and when you come here all you see is a black screen with someone who wrote

                        "FUCK YOU" in 12 size font...


                        All that guy did was post on their bulletin board, hell, I can do that too...

                        Comment

                        • VideoVoyeur
                          So Fucking Banned
                          • Jun 2003
                          • 2181

                          #13
                          Originally posted by KRL
                          Go to http://www.CoolPetSites.com and then click some of the links on the left for site sections. They've been defaced.

                          Awful. Just awful. The Net was not meant for this.
                          Yea, see thats a real defacement, not some idiot posting on a board heh

                          Comment

                          • Theo
                            HAL 9000
                            • May 2001
                            • 34515

                            #14
                            i defaced zillion sites back in 99 without even having amazing skills. You cant imagine how many of them had the standard frontpage password.

                            Comment

                            • VideoVoyeur
                              So Fucking Banned
                              • Jun 2003
                              • 2181

                              #15
                              That LinuxO guys hasnt defaced shit hes just finding sites with boards and saying that posting is defacement heh

                              Comment

                              • PowerCum
                                CjOverkill
                                • Apr 2003
                                • 1328

                                #16
                                Well, the real competition is tomorow.

                                There are some other groups that will join the fun tomorow. And there are at least two groups that have at least a 250 sites pool (per group) ready to be defaced... but this will be tomorow I think

                                As the contest involves mainly web page change, I think it will not harm very much.

                                CjOverkill Traffic Trading Script
                                Free, secure and fast traffic trading script. Get your copy now

                                Comment

                                • ServerGenius
                                  Confirmed User
                                  • Feb 2002
                                  • 9377

                                  #17
                                  Originally posted by PowerCum
                                  Well, the real competition is tomorow.

                                  There are some other groups that will join the fun tomorow. And there are at least two groups that have at least a 250 sites pool (per group) ready to be defaced... but this will be tomorow I think

                                  As the contest involves mainly web page change, I think it will not harm very much.

                                  No harm done? Any hack causes damage and a shitload more
                                  than the hacker imagines....white hat, black hat it's all the same.
                                  When a box is being compromised it costs money. The box needs
                                  to get cleaned/reinstalled because who assures the victim that
                                  only his webpage has been defaced? This costs time, money,
                                  causes bad publicity, damages reputation and often causes
                                  people to lose their jobs. Now please explain me once more that
                                  there is no damage being done defacing a webpage

                                  DynaMite
                                  | http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho |

                                  Comment

                                  • NetRodent
                                    Confirmed User
                                    • Jan 2002
                                    • 3985

                                    #18
                                    Originally posted by DynaSpain


                                    No harm done? Any hack causes damage and a shitload more
                                    than the hacker imagines....white hat, black hat it's all the same.
                                    When a box is being compromised it costs money. The box needs
                                    to get cleaned/reinstalled because who assures the victim that
                                    only his webpage has been defaced? This costs time, money,
                                    causes bad publicity, damages reputation and often causes
                                    people to lose their jobs. Now please explain me once more that
                                    there is no damage being done defacing a webpage

                                    DynaMite
                                    It isn't a hacked box that costs money, its a hackable box. A defacement is merely a wakeup call. Would you prefer to have real security or the illusion thereof?
                                    "Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats."
                                    --H.L. Mencken

                                    Comment

                                    • PowerCum
                                      CjOverkill
                                      • Apr 2003
                                      • 1328

                                      #19
                                      Originally posted by DynaSpain


                                      No harm done? Any hack causes damage and a shitload more
                                      than the hacker imagines....white hat, black hat it's all the same.
                                      When a box is being compromised it costs money. The box needs
                                      to get cleaned/reinstalled because who assures the victim that
                                      only his webpage has been defaced? This costs time, money,
                                      causes bad publicity, damages reputation and often causes
                                      people to lose their jobs. Now please explain me once more that
                                      there is no damage being done defacing a webpage

                                      DynaMite
                                      I meant that the contest does not contemplate server data destruction (something like rm -rf /*).
                                      Also, I don't give a fuck if someone loses his work because he does not protect the servers he administrates. There has been long time discussion about this. My personal opinion is that if the admin is unable to make the convenient upgrades, fixes and a decent config he does not have to work as an admin.
                                      Now is when you jump ad say something like "you cannot protect yourself from 0day (zero day) exploits". This is wrong too, you can if you know how does a program, system and CPU work at low level. Also you can make lots of configs that will minimize the attack. Antd if you are skilled enought, you can completely disable any kind of overflow attack (involves system kernel hacking and some performance impact), after that you will only be vulnerable to your own configuration bugs.

                                      About that you have to format the entire box after a defacement... well, if you web server is installed as it must be installed and not just by hitting the rpm package install button or by running ./configure; make; make install, then you would not need to reformat the entire box just because someone changed your home page (if he can do that after a proper setup).

                                      Most admins around just hit the RedHat or BSD install button, then install webmin and some extra tools and forget about the box untill it dies or someone hacks it. Then the admin says something like "damn hackers" without even realizing that his box was vulnerable to bugs reported about 6 months ago. And I am pretty shure the 99%, just because I don't like to say 100%, of the normal servers around that all the companies offer here to host your stuff have a default installation (with default kernel and system setup with all the stability, perfomance and security impacts this carries), and from time to time the admin just hits the update button.

                                      I am linux developer and I also have an maintain my own linux distribution (one of the few linux distros with C2+ compliant security), so I think I know something about how does a standard linux distro look and how does one with a decent setup and config look. Also I am pretty shure some of the admins will be unable to administrate a system with a decent security policy.

                                      If you do not like hackers, that's your problem. I love them. When my system is under a good hacking attack I enjoy looking on how they do it and the methods they try.

                                      Also if you have a spare box, I recommend you to setup a honeypot and have a look at it, that's the best way to see how do attackers perform and what they usually do on your box.

                                      Of course, In the adult industry the security is almost zero. And when people report security bugs, then they get bashed because they do report a bug. The only thing that you get in exchange is no more security reports about your sites or your products untill some 16 years kid decides to exploit these bugs and have some fun. I talk from my own experience. Some time ago I reported a bug to a TGP script. The author bashed on me and did not fix the bug (even when I provided him with a patch for that specific bug). Of course, the version that bug affected never had an official patch released (it was a free version, but the next version was intended to be paid). Some time after that the author reported that lots of sites using that software were hacked probably using the bug I reported (any 16 years kid with some security knowledge would see that bug). The same bug affected some of the other services this person was offering as it was in the auth scheme he used in his software. All I got were bashes and a bann from him.
                                      Now how do you expect me to report a security bug to you if I find some security flaw into your site or your software? No way, I keep it for me, and share it with who I decide or with the best bidder. No joke here, when someone reports a security bug tell him at least "thank you", after all this person has spent his time reviewing your product.

                                      These hacking contests are good, Think it in this way... you get a free security test on your system.
                                      CjOverkill Traffic Trading Script
                                      Free, secure and fast traffic trading script. Get your copy now

                                      Comment

                                      • Xplicit
                                        Confirmed User
                                        • May 2003
                                        • 3558

                                        #20
                                        As long as all they do is make some little homepages changes, who cares?

                                        They're basically showing people what needs to be patched, for FREE.

                                        Comment

                                        • Pipecrew
                                          Master of Gfy.com
                                          • Feb 2002
                                          • 14888

                                          #21
                                          why would they deface a site like this?

                                          http://www.ottawacea.com/

                                          Comment

                                          • loverboy
                                            When it rains, it pours
                                            • May 2003
                                            • 20609

                                            #22
                                            is there a way to prevent such attack on a Linux/Win2k Server?

                                            Comment

                                            • MattO
                                              The O is for Oohhh
                                              • Feb 2003
                                              • 10861

                                              #23
                                              Yea it's interesting how so many of the "defacements" were just shit posted to message boards. Probably sites who never changed their script defaults.

                                              It will be interesting to see in the end the OS battle.

                                              Comment

                                              • hottoddy
                                                Confirmed User
                                                • Oct 2002
                                                • 3049

                                                #24
                                                It looks like they only defaced a bunch of lame sites that were already known to be hackable.
                                                - *** -

                                                Comment

                                                • MattO
                                                  The O is for Oohhh
                                                  • Feb 2003
                                                  • 10861

                                                  #25
                                                  Oh no! This thread is on their "defacements on hold" page!

                                                  Shit!

                                                  We've been h4x0r'd!!

                                                  Comment

                                                  • Damian_Maxcash
                                                    So Fucking Banned
                                                    • Oct 2002
                                                    • 12745

                                                    #26
                                                    Originally posted by loverboy
                                                    is there a way to prevent such attack on a Linux/Win2k Server?
                                                    As far as I can see.... dont use PHP Nuke

                                                    Comment

                                                    • blackmonsters
                                                      Making PHP work
                                                      • Nov 2002
                                                      • 20992

                                                      #27
                                                      Originally posted by PowerCum



                                                      Also, I don't give a fuck if someone loses his work because he does not protect the servers he administrates. There has been long time discussion about this. My personal opinion is that if the admin is unable to make the convenient upgrades, fixes and a decent config he does not have to work as an admin.


                                                      Of course, In the adult industry the security is almost zero. And when people report security bugs, then they get bashed because they do report a bug.

                                                      Some time ago I reported a bug to a TGP script. The author bashed on me and did not fix the bug (even when I provided him with a patch for that specific bug).

                                                      All I got were bashes and a bann from him.
                                                      Now how do you expect me to report a security bug to you if I find some security flaw into your site or your software?


                                                      Too fucking true!!!!
                                                      Most hacking can be stopped by adding patches that are published all over the place. But dumb assed arrogant admins that don't know about them call people fuck wads when they actually report it months before they get hacked.

                                                      Then they try to email you like "now what was that you were saying before".

                                                      At that point do you really give a shit? No! I don't for sure.
                                                      Your neighbor will murder you with frogs
                                                      Click here

                                                      Comment

                                                      • PowerCum
                                                        CjOverkill
                                                        • Apr 2003
                                                        • 1328

                                                        #28
                                                        Originally posted by loverboy
                                                        is there a way to prevent such attack on a Linux/Win2k Server?
                                                        Yes, there are several ways.
                                                        Of course, all the methods require a skilled admin.
                                                        The other method is hiring a monkey to stay 24/7 in front of the server and watch the logs in real time, then deny all the bad connections from the firewall. Most admins do exactly the same that the monkey could do, with the only difference that they cannot even do that efficiently.

                                                        If you want some special security setup, then contact me on ICQ 171216535 . I will start with the developement and assembly of the new version of my linux distro in some weeks (perhaps one month, depends on my needs), so if you want some special software to be added don't hestiate in contact me
                                                        CjOverkill Traffic Trading Script
                                                        Free, secure and fast traffic trading script. Get your copy now

                                                        Comment

                                                        • volante
                                                          Confirmed User
                                                          • Mar 2002
                                                          • 2940

                                                          #29
                                                          Originally posted by NetRodent


                                                          It isn't a hacked box that costs money, its a hackable box. A defacement is merely a wakeup call. Would you prefer to have real security or the illusion thereof?
                                                          If someone breaks into your house and paints your living room bright green while you're out, do you say to yourself "Shit! It's all my fault 'cos my security system wasn't good enough"?

                                                          Comment

                                                          • PowerCum
                                                            CjOverkill
                                                            • Apr 2003
                                                            • 1328

                                                            #30
                                                            Originally posted by volante


                                                            If someone breaks into your house and paints your living room bright green while you're out, do you say to yourself "Shit! It's all my fault 'cos my security system wasn't good enough"?
                                                            If he only paints and does not break things, I would not only say "my security system is a crap and needs to be upgraded" but I also would thank him for showing me that my security system is crap. Also I have seen no one fuckin house security system that lets everyone to enter without even need of a key or special tool.
                                                            If your site can be defaced only by using a browser (lots of bugs do not need tools to be exploited), then it's the same as leting your house doors and windows open while you go out, and if your site has visitors, then in comparison a tourist touring service also passes through the street near your house all the time (20k site... 20k tourists passing on the sreet around your house).

                                                            Also, I think admins must administrate the servers they are suposed to administrate, and not go out.

                                                            How would you feel if you knew that your bank computer systems are vulnerable to security bugs reported 6 months ago but their admins do not give a fuck and don't patch them, so anyone could access to your bank account and transfer a random amount of $$$ to his own account?
                                                            If you have a server that hosts you, it's not very different, after all that server makes the money (or helps to make it) you get in your bank account.
                                                            CjOverkill Traffic Trading Script
                                                            Free, secure and fast traffic trading script. Get your copy now

                                                            Comment

                                                            • volante
                                                              Confirmed User
                                                              • Mar 2002
                                                              • 2940

                                                              #31
                                                              Originally posted by PowerCum


                                                              If he only paints and does not break things, I would not only say "my security system is a crap and needs to be upgraded" but I also would thank him for showing me that my security system is crap.
                                                              What's your address?

                                                              Comment

                                                              • PowerCum
                                                                CjOverkill
                                                                • Apr 2003
                                                                • 1328

                                                                #32
                                                                Originally posted by volante


                                                                What's your address?
                                                                What's your server?

                                                                Also I prefer some light blue or white paint.

                                                                My address is on some theread here on GFY... dig and you'll find it.
                                                                CjOverkill Traffic Trading Script
                                                                Free, secure and fast traffic trading script. Get your copy now

                                                                Comment

                                                                • lEricPl
                                                                  Confirmed User
                                                                  • Dec 2002
                                                                  • 1062

                                                                  #33
                                                                  Linux (59.3%)

                                                                  Win 2000 (18.5%)

                                                                  FreeBSD (11.1%)

                                                                  Unknown (7.4%)

                                                                  AIX (3.7%)





                                                                  Windows Hater? -


                                                                  Comment

                                                                  Working...