|
|
| Author |
Message |
Justin
4WebHelp Addict
Joined: 07 Jan 2002
Posts: 1060
|
 Posted:
Thu Jul 03, 2003 3:46 pm (21 years, 6 months ago) |
  |
A defacement challenge scheduled for Sunday is likely to target Web hosting companies rather than individual Web sites.
Defacement archive site Zone-H reasons that crackers will target Web sites they have already rooted because of the limited time set aside for the challenge.
The 'rules' of the challenge state that there will not be any difference when counting a single defacement (single IP) or a mass-defacement (many domain names on the same IP), so Zone-H reasons, hosting firms will be the main target.
"Given time frame will be only six hours, what is mostly going to happen is that a lot of Web hosting companies will be hit, instead than single servers belonging to different companies," Zone-H reports.
Due to the sharp decrease of the defacement over the last few days, Zone-H reasons crackers rooting possible targets without defacing them, so to be ready with a lot of ready-to-be-defaced targets to be used on the contest day. The defacement competition challenges crackers to deface as many as 6,000 sites in the shortest time possible to win the contest.
Point values are based on the operating systems hacked and defaced. HP-UX, Apple, and IBM-AIX are worth more points due to their limited use as Web-hosting platforms, and because they are targeted less often than Microsoft and Linux-based systems.
Zone-H is forecasting anywhere from 20,000 attacks might arise from the challenge. However it is downplaying fears that mass disruption of Internet services due to the attacks.
"A mass-defacement (even of several thousands domain names) is usually conducted opening a single connection to the attacked server," it reasons.
Defacement attacks occur all the time, not only during a mass hacking contest. But in the run up to the latest hacking spree there's all the more reason to shore up security defences.
Zone-H recommends the following general security precautions to sysadmins:
Download and apply all security patches
Shut down all the unnecessary modules on a Web server
Close all the unnecessary ports
It's also a wise precaution to check for the presence of any backdoor/rootkit on systems. Tell tale signs include: freshly added unknown users, suspicious connections on open port and suspicious shell program. Spotting these kinds of problems is where vulnerability scanners come in useful.
Finally, in the know thy enemy category, Zone-H, reminds sysadmins of the most common vulnerabilities targeted by defacers. These include flaws in the following packages/services: OpenSSL, Samba, Webdav, Frontpage extension misconfiguration, AIX ftpd, Solaris telnetd, Sendmail, Wuftpd, Proftpd, PHPnuke (not for mass defacement but still an ever present risk), OmniBack II and Cpanel.
Let's be careful out there. |
|
|
     |
|
Daniel
Team Member
Joined: 06 Jan 2002
Posts: 2564
|
| Posted:
Thu Jul 03, 2003 4:18 pm (21 years, 6 months ago) |
|
Justin, please link to the article instead of posting it here, for copyright reasons  |
________________________________
 |
|
|
|
adam
Forum Moderator & Developer
Joined: 26 Jul 2002
Posts: 704
Location: UK
|
| Posted:
Thu Jul 03, 2003 9:12 pm (21 years, 6 months ago) |
|
ok...I have a feeling I'll be camped out on Sunday keeping a very close eye on Valcato's severs 
infact, I think I'll go through them all in the next few days looking for security problems - any tips on what to look for? (besides what the article mentioned ) |
________________________________
It's turtles all the way down... |
|
 |
|
Iyonix
WebHelper
Joined: 12 Nov 2002
Posts: 82
Location: Yarm, England
|
| Posted:
Sat Jul 05, 2003 1:25 pm (21 years, 6 months ago) |
|
It might be an idea to backup sites today... |
________________________________
Iyonix |
|
|
|
jayant
Team Member
Joined: 07 Jan 2002
Posts: 262
Location: New Delhi, India
|
| Posted:
Mon Jul 07, 2003 3:48 am (21 years, 6 months ago) |
|
|
  |
|
adam
Forum Moderator & Developer
Joined: 26 Jul 2002
Posts: 704
Location: UK
|
| Posted:
Mon Jul 07, 2003 10:10 am (21 years, 6 months ago) |
|
lol I'm proud to say that it doesn't look like any of Valcato's servers got hit one of them was down most of the day, but that was not hacker-related  |
________________________________
It's turtles all the way down... |
|
|
|
Daniel
Team Member
Joined: 06 Jan 2002
Posts: 2564
|
| Posted:
Tue Jul 08, 2003 8:42 am (21 years, 6 months ago) |
|
No Jayant, it wasn't me; I didn't even have access to the net during that time  . |
________________________________
|
|
|
|
norm
Junior WebHelper
Joined: 17 Feb 2003
Posts: 20
Location: Oxford, U.K.
|
| Posted:
Tue Jul 08, 2003 10:17 am (21 years, 6 months ago) |
|
|
 |
|
jayant
Team Member
Joined: 07 Jan 2002
Posts: 262
Location: New Delhi, India
|
| Posted:
Tue Jul 08, 2003 11:34 am (21 years, 6 months ago) |
|
|
|
|
|
|
|
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot edit your posts in this forum.
You cannot delete your posts in this forum.
You cannot vote in polls in this forum.
|
Page generation time: 0.131172 seconds :: 17 queries executed :: All Times are GMT
Powered by phpBB 2.0
© 2001, 2002 phpBB Group :: Based on an FI Theme
|
