07-08-05

Who are the hackers attacking our sites?

They seem to use vulnerabilities on unpatched systems, and sites where the index file (HTML or PHP) is writable from the internet.
 
You should have a look through your Apache log files. Search for "system(chr(101)" or "echr". Usually these kinds of requests indicate an attack.
You might want to secure your server using something like mod_security: http://www.modsecurity.org
http://www.tenon.com/lists/html/iTools/2005-07/msg00061.h...
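One way to run the log search described above, as an added example that is not part of the original post: it URL-decodes each request before matching, since the two strings may arrive percent-encoded, and groups hits by client address. The sample log lines, addresses and paths are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Indicators named in the post; matched case-insensitively after URL-decoding.
# "echr" is a short substring, so review its hits by hand for false positives.
INDICATORS = ("system(chr(101)", "echr")

# Apache common/combined format: host ident user [time] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

def decode(request, rounds=2):
    """URL-decode up to `rounds` times so %28 and %2528 both become '('."""
    for _ in range(rounds):
        decoded = unquote(request)
        if decoded == request:
            break
        request = decoded
    return request

def scan(lines):
    """Return {client_ip: [(timestamp, status, indicator, raw_request), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        ip, ts, request, status, _size = m.groups()
        decoded = decode(request).lower()
        for ind in INDICATORS:
            if ind in decoded:
                hits[ip].append((ts, int(status), ind, request))
                break
    return dict(hits)

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [23/Jul/2005:01:12:03 +0200] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [23/Jul/2005:01:14:40 +0200] "GET /board/view.php?q=system(chr(101).chr(99)) HTTP/1.0" 200 811',
    '198.51.100.7 - - [23/Jul/2005:01:14:41 +0200] "GET /old/view.php?q=system%28chr%28101%29 HTTP/1.0" 404 290',
    '203.0.113.5 - - [23/Jul/2005:01:20:09 +0200] "GET /board/view.php?q=system%2528chr%2528101%2529 HTTP/1.0" 200 811',
    '203.0.113.9 - - [23/Jul/2005:01:31:55 +0200] "GET /board/view.php?q=echr HTTP/1.0" 200 811',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE).items():
        for ts, status, ind, request in events:
            # A 200 on a matching request deserves a closer look than a 404.
            print(f"{ip} [{ts}] status={status} indicator={ind!r} request={request!r}")
```

To check a real server, pass an open access log file to `scan()` instead of `SAMPLE`.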
 
1. http://www.albanianmafia.net/
http://www.zone-h.org/defacements/mirror/id=2526811/ hacked misterbelgium.be frontpage
 
2. Xtech Inc
http://bflzone.com/blog/?p=65
http://www.hackinthebox.org/modules.php?op=modload&na... attacked Uzbekistan sites
xtech@bsdmail.org 
hacker's IP address is 69.56.179.82
 
3. scriptx  zone60@hotmail.com
http://www.zone-h.org/defacements/mirror/id=2737129/ globalpartnership.be
scriptx is a name that according to Google has been used for many things
spykids with email spykids@bsdmail.com, Brazil
http://www.zone-h.org/defacements/mirror/id=2744061/
and if you google this, you will see this is a very active group in defacement
according to Google they hacked 6 sites tonight
 
4. rootbox
http://www.zone-h.org/defacements/mirror/id=2731120/ de-mot.be
I am not sure if their "hacked by DOM" has something to do with
the debate about hacking DOM objects http://xmlconf.sourceforge.net/dom1/ecmascript/
There is a program out there, rootgoogler, made by rootbox
but it has disappeared www.consultorioinformatico.net/hacking.htm
and he has written how to do it here http://www.deliveredsystem.org/index.php?id=hacking/root
and in this section you will find the manuals to attack bulletin boards, which is what they do
 
5.A1TS
http://www.zone-h.org/defacements/mirror/id=2732365/ defacement edublogs (political)
he seems to be hacking Drupal blog formats
http://lists.drupal.org/archives/drupal-devel/2005-07/msg...
security update needed  http://drupal.org/drupal-4.6.2
did all those sites on the 23rd of July
http://www.google.com/search?q=A1TS+Forever+-+Anomaly+1n+...
and he also did an itunes darwin server
http://www.tenon.com/lists/html/iTools/2005-07/msg00062.h...
but the problem here was also write access to index.php
this did exist http://www.a1ts.org/
 
6.black phoenix    Phoenix_vzla@hotmail.com
http://www.zone-h.org/defacements/mirror/id=2729994/ beautyresort.be
quite an active guy, here are 6 other defacements
http://www.google.com/search?ie=UTF-8&q=Phoenix%5fvzl...
 
7.Hacked by D4rk-l0k0-c3s4r xD
http://www.zone-h.org/defacements/mirror/id=2721442/ hacked baby.be
defaced a credit company in France according to Google
http://www.google.com/search?ie=UTF-8&q=D4rk%2dl0k0%2...
---------------------------------- D4rk-C3s4r xD is now your ...
.- D4rk-l0k0-C3s4r -. Contacto: cesarelloco15@hotmail.com. Sorry, your browser
doesn't support Java(tm). Saludos a "Las Gemelas xD" ya "D4rk-k0mp4" xD.
 - They hack together with alicia_ftd@hotmail.com

more analysis and updates to come
and do not forget
patch, patch, patch and watch, watch, watch (especially hosting firms and ISPs)
 
For the record: I do not hack, nor scan sites that are not mine. Period. I do not do things that I do not want other people to do.

02:02 Posted by technology changes fast not a lot