|
You do not want your site to be on this list
As all you know, the hacking competition was about to start tomorow. Unfortunately, some people have decided to start it before.
Here are some of the results: http://zone-h.org/en/defacements Let the games begin! :321GFY |
|
OMG - fucking unreal. :ak47:
|
i wish they'd deface something of political value
|
Those sites are booooooring!
|
Unless I actually SEE a site defaced, or its on the national news I dont believe shit.
Too many kids will screenshot a site and then go into adobe photoshop and say they defaced it. Fuck that I want to know its real... |
http://www.embavenez.cl/
that site was supposedly hacked, go look at it, all the retard did was make comments on the comment voard heh... |
Quote:
|
BTW thats the Embassy of Chile, I dont think its been hacked 8))
|
Quote:
Here, lets go both signup at it, and then post that we hacked it... Think they'll believe it? |
Go to http://www.CoolPetSites.com and then click some of the links on the left for site sections. They've been defaced.
Awful. Just awful. The Net was not meant for this. |
People who hack well, dont post messages on a board, now lets see someone hack GFY and when you come here all you see is a black screen with someone who wrote
"FUCK YOU" in 12 size font... All that guy did was post on their bulletin board, hell, I can do that too... |
Quote:
|
i defaced zillion sites back in 99 without even having amazing skills. You cant imagine how many of them had the standard frontpage password.
|
That LinuxO guys hasnt defaced shit hes just finding sites with boards and saying that posting is defacement heh
|
Well, the real competition is tomorow.
There are some other groups that will join the fun tomorow. And there are at least two groups that have at least a 250 sites pool (per group) ready to be defaced... but this will be tomorow I think As the contest involves mainly web page change, I think it will not harm very much. :321GFY |
Quote:
than the hacker imagines....white hat, black hat it's all the same. When a box is being compromised it costs money. The box needs to get cleaned/reinstalled because who assures the victim that only his webpage has been defaced? This costs time, money, causes bad publicity, damages reputation and often causes people to lose their jobs. Now please explain me once more that there is no damage being done defacing a webpage DynaMite :321GFY |
Quote:
|
Quote:
Also, I don't give a fuck if someone loses his work because he does not protect the servers he administrates. There has been long time discussion about this. My personal opinion is that if the admin is unable to make the convenient upgrades, fixes and a decent config he does not have to work as an admin. Now is when you jump ad say something like "you cannot protect yourself from 0day (zero day) exploits". This is wrong too, you can if you know how does a program, system and CPU work at low level. Also you can make lots of configs that will minimize the attack. Antd if you are skilled enought, you can completely disable any kind of overflow attack (involves system kernel hacking and some performance impact), after that you will only be vulnerable to your own configuration bugs. About that you have to format the entire box after a defacement... well, if you web server is installed as it must be installed and not just by hitting the rpm package install button or by running ./configure; make; make install, then you would not need to reformat the entire box just because someone changed your home page (if he can do that after a proper setup). Most admins around just hit the RedHat or BSD install button, then install webmin and some extra tools and forget about the box untill it dies or someone hacks it. Then the admin says something like "damn hackers" without even realizing that his box was vulnerable to bugs reported about 6 months ago. And I am pretty shure the 99%, just because I don't like to say 100%, of the normal servers around that all the companies offer here to host your stuff have a default installation (with default kernel and system setup with all the stability, perfomance and security impacts this carries), and from time to time the admin just hits the update button. I am linux developer and I also have an maintain my own linux distribution (one of the few linux distros with C2+ compliant security), so I think I know something about how does a standard linux distro look and how does one with a decent setup and config look. Also I am pretty shure some of the admins will be unable to administrate a system with a decent security policy. If you do not like hackers, that's your problem. I love them. When my system is under a good hacking attack I enjoy looking on how they do it and the methods they try. Also if you have a spare box, I recommend you to setup a honeypot and have a look at it, that's the best way to see how do attackers perform and what they usually do on your box. Of course, In the adult industry the security is almost zero. And when people report security bugs, then they get bashed because they do report a bug. The only thing that you get in exchange is no more security reports about your sites or your products untill some 16 years kid decides to exploit these bugs and have some fun. I talk from my own experience. Some time ago I reported a bug to a TGP script. The author bashed on me and did not fix the bug (even when I provided him with a patch for that specific bug). Of course, the version that bug affected never had an official patch released (it was a free version, but the next version was intended to be paid). Some time after that the author reported that lots of sites using that software were hacked probably using the bug I reported (any 16 years kid with some security knowledge would see that bug). The same bug affected some of the other services this person was offering as it was in the auth scheme he used in his software. All I got were bashes and a bann from him. Now how do you expect me to report a security bug to you if I find some security flaw into your site or your software? No way, I keep it for me, and share it with who I decide or with the best bidder. No joke here, when someone reports a security bug tell him at least "thank you", after all this person has spent his time reviewing your product. These hacking contests are good, Think it in this way... you get a free security test on your system. |
As long as all they do is make some little homepages changes, who cares?
They're basically showing people what needs to be patched, for FREE. :thumbsup |
|
is there a way to prevent such attack on a Linux/Win2k Server?
|
Yea it's interesting how so many of the "defacements" were just shit posted to message boards. Probably sites who never changed their script defaults.
It will be interesting to see in the end the OS battle. |
It looks like they only defaced a bunch of lame sites that were already known to be hackable.
|
Oh no! This thread is on their "defacements on hold" page!
Shit! We've been h4x0r'd!! |
Quote:
|
Quote:
Too fucking true!!!! Most hacking can be stopped by adding patches that are published all over the place. But dumb assed arrogant admins that don't know about them call people fuck wads when they actually report it months before they get hacked. Then they try to email you like "now what was that you were saying before". At that point do you really give a shit? No! I don't for sure. |
Quote:
Of course, all the methods require a skilled admin. The other method is hiring a monkey to stay 24/7 in front of the server and watch the logs in real time, then deny all the bad connections from the firewall. Most admins do exactly the same that the monkey could do, with the only difference that they cannot even do that efficiently. If you want some special security setup, then contact me on ICQ 171216535 . I will start with the developement and assembly of the new version of my linux distro in some weeks (perhaps one month, depends on my needs), so if you want some special software to be added don't hestiate in contact me :) |
Quote:
|
Quote:
If your site can be defaced only by using a browser (lots of bugs do not need tools to be exploited), then it's the same as leting your house doors and windows open while you go out, and if your site has visitors, then in comparison a tourist touring service also passes through the street near your house all the time (20k site... 20k tourists passing on the sreet around your house). Also, I think admins must administrate the servers they are suposed to administrate, and not go out. How would you feel if you knew that your bank computer systems are vulnerable to security bugs reported 6 months ago but their admins do not give a fuck and don't patch them, so anyone could access to your bank account and transfer a random amount of $$$ to his own account? If you have a server that hosts you, it's not very different, after all that server makes the money (or helps to make it) you get in your bank account. |
Quote:
|
Quote:
Also I prefer some light blue or white paint. My address is on some theread here on GFY... dig and you'll find it. |
Linux (59.3%)
Win 2000 (18.5%) FreeBSD (11.1%) Unknown (7.4%) AIX (3.7%) :1orglaugh Windows Hater? - :321GFY :winkwink: |
| All times are GMT -7. The time now is 09:52 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123