OT - Hackers - Just an FYI

MoFunk · Jul 3, 2003

By TED BRIDIS AP Technology Writer

WASHINGTON (AP) - The government and private technology experts warned Wednesday that hackers plan to attack thousands of Web sites Sunday in a loosely coordinated "contest" that could disrupt Internet traffic.

An early-warning network for the technology industry, operating with the Department of Homeland Security, notified companies that it received "credible information" about the planned attacks and already has detected surveillance probes by hackers looking for weaknesses in corporate and government networks.

"We emphasize that all Web site administrators should ensure that their sites are not vulnerable," wrote Peter Allor of Internet Security Systems Inc., the Atlanta-based company that runs the Information Technology Information Sharing and Analysis Center.

Separately, the New York Office of Cyber-Security and Critical Infrastructure Coordination warned Internet providers and other organizations that the goal of the hackers was to vandalize 6,000 Web sites in six hours.

New York officials urged companies to change default computer passwords, begin monitoring Web site activities more aggressively, remove unnecessary functions from server computers and apply the latest software repairs from vendors such as Microsoft Corp.

2003-07-02 16:22:37 GMT

ProviaFan · Jul 3, 2003

But now that the government lets everyone know that it's going to happen, won't the hackers just change their plans? Anyway, it's a good reminder to those incompetent admins to patch their as-vulnerable-as-a-sitting-duck IIS server.

MongoX · Jul 3, 2003

jliechty - you mean you're supposed to patch servers????

I thought if you left everything to default settings it would update itself...

< ( note to self - change password )
thanks for the info MoFunk.

MoFunk · Jul 3, 2003

LOL MongoX.

Soggysocks · Jul 3, 2003

<U>All</U> you tech's ....this would be a good time to strike back!:beer:

If you are so good at what you do , then hack back at the perpetrators :evil:

RaySun2Be · Jul 3, 2003

From here: http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/bor2.htm

Top Ten Attacked ports this month:

Service Name....Port Number....Explanation
netbios-ns...........137...............NETBIOS Name Service
microsoft-ds........445...............Win2k+ Server Message Block
www...................80.................World Wide Web HTTP
ms-sql-m.............1434.............Microsoft-SQL-Monitor
ident...................113...............
netbios-ssn........139...............NETBIOS Session Service
..........................7294....................................................
eDonkey2000....4662..............eDonkey2000 Server Default Port <-------this is interesting!
---.......................0.........................................................
---.......................9007....................................................

Baldy18 · Jul 3, 2003

Hasn't the government just advertised for the event?

MoFunk · Jul 3, 2003

edonkey2000 makes the top 10. Hmmm, that is very interesting. Wonder if that wacko polititian is trying to execute his master plan. I don't remember his name but he is the one suggesting that the RIAA could hack and destroy the PC of file swapers. Nice guy eh.

On a funny side note I recently got hooked up on DSL so I have been looking for music online with kazaa lite. I noticed that downloading music was not working well. It would find a ton but when I would actually start to download it would say searching forever then say more resources needed. SO out of curiosity I tried to get some pr0n. Well that downloaded easily! Kinda odd that if I was a kid, I would not be albe to download an eminem song very easily but I could watch 3 dudes hump a moose with little effort. Gotta love it.

ProviaFan · Jul 3, 2003

Originally posted by: RaySun2Be
From here: http://www.infosyssec.com/cgi-bin/link.cgi?target=http://www.infosyssec.com/infosyssec/bor2.htm

Top Ten Attacked ports this month:

Service Name....Port Number....Explanation
netbios-ns...........137...............NETBIOS Name Service
microsoft-ds........445...............Win2k+ Server Message Block
www...................80.................World Wide Web HTTP
ms-sql-m.............1434.............Microsoft-SQL-Monitor
ident...................113...............
netbios-ssn........139...............NETBIOS Session Service
..........................7294....................................................
eDonkey2000....4662..............eDonkey2000 Server Default Port <-------this is interesting!
---.......................0.........................................................
---.......................9007....................................................

Hmm, I wonder if the eDonkey2000 attacks are thwarted if one uses a different port for the application.

<-- has a "friend" that uses emule... yea, a friend, seriously.

Spacehead · Jul 4, 2003

I got an email about this, this morning from ZA, reminding me to make sure it's the up-to-date version.

-------------------------------------------

Dear Valued ZoneAlarm Customer,

You may have heard about the "Defacers Challenge" taking place this
upcoming weekend. The U.S. government and several technology experts
have warned that an organized contest among hackers has been planned
for Sunday. The objective of the contest is to deface company Web
sites.

While the attack is not aimed at individuals, hackers often use
individual's computers to launch these types of attacks. And although
this does not represent an extreme threat, it's an important reminder
that even though we may be relaxing in the sun, hackers are still
hard at work.

To ensure that you are fully protected, we wanted to remind you to
check your version of ZoneAlarm and make sure you are running the
most recent version.

Our entire line of consumer firewall products has been updated over
the past three weeks. If you have not updated your product yet, we
recommend you do so now.

You can access the latest version by clicking on the link below:

http://www.zonelabs.com/latest

To maximize your protection, we also recommend checking your
anti-virus software to make sure you are running the most recent
version.

You can find out more about the "Defacers Challenge" story at:
http://news.com.com/2100-1002_3-1023172.html?tag=fd_top

One last thing...if you plan to be out of town over the weekend, the
best security is to turn off your PC.

Have a safe and relaxing weekend!

Zone Labs

-------------------

I guess i'll go update

MrBadidea · Jul 4, 2003

Somebody I know owns his own hosting company, that hosts around 2000 websites- from personal pages with 1 or 2 hits a year (*cough*) to a couple tech sites.

It was hacked last weekend and all the sites were replaced with dodgy "tag" pages. Bloody n0bbin h4x0rs :x

RaySun2Be · Jul 5, 2003

Originally posted by: MrBadidea
Somebody I know owns his own hosting company, that hosts around 2000 websites- from personal pages with 1 or 2 hits a year (*cough*) to a couple tech sites.

It was hacked last weekend and all the sites were replaced with dodgy "tag" pages. Bloody n0bbin h4x0rs :x

dasm, that sucks. :|

Thanks Spacehead on the ZA info. I was current, since I try to check for firewall updates once a month, and anti-virus updates every 2 days.

Electrode · Jul 5, 2003

I think my site is pretty safe. Guess I'll know for sure once this thing gets underway.

SinfulWeeper · Jul 5, 2003

[4th of July jibberish]
http://www.nook.net/

Still going good and strong. I does not use that weak M$ servers BS. Already logged 11,232 attacks (my guess is 1000+/- in our own network) in the last 24 hours.
Lets see if the AT effect could tripple that amount. Nothin like a hacker wasting their time

... as if they don't do it enough anyway.

The only way that I have seen that somebody could break a linux system remotely is if the administrator was stupid by one of two ways, or both.
1. Leaving ports open... which is dumb. Kinda like leaving your keys in the ignition of your car down town.
2. Having an easy password... like the wife who always invites your friends over

But if we get hacked,

It'll make our system that much more secure for the next time

[/4th of July jibberish]

JonB · Jul 5, 2003

I am getting a few more Port 80 scans than usual.
But, overall, fewer scans per hour.

EyeMWing · Jul 5, 2003

Hackers my left nut. This has "RIAA kiddie recruitment drive" written all over it. The WingNet's intranet runs off Apache Win32 (with the exception of the router control panel, which is Apache Linux) and the domain server/webserver/fileserver (Win2k3 Evaluation) sits completely unaware of Internet access. So this should be a fairly safe place (Even more so since I've got a packet sniffer running on the router). I think there's a security update for my router distro though, better look into that.

Oh yeah, and a few words of wisdom for anyone considering participating. The Internet is not anonymous. Anyone with enough time and skill can resolve your IP address to a real name and contact information. Step into the wrong administrator's system, and you may end up in federal custody. Step into a CRAZY administrator's system and your life can become hell on earth. Step into another hacker's system and your computer can indeed be effectively destroyed. Nothing dramatic involving fire and explosions like in the movies, but a computer can in fact eat itself alive. A simple BIOS flash from within the OS using random garbage data, then overwrite your HDDs with random garbage data, then your video BIOS is turned to garbage, then your memory overwritten until the computer simply hangs. All of these can be done without your even knowing. This leaves you with a garbage motherboard, garbage video card, completely erased harddrive, and quite possibly, a dead CPU if the fan is BIOS controlled. All because you had to be a dickhead and screw with someone else's stuff.

HayHauler · Jul 6, 2003

^^^^^^^^^^^^^^^^^^

AMEN, EyeMWing

BadThad · Jul 6, 2003

Double AMEN! BUST EM and lock em up!

SoulAssassin · Jul 6, 2003

Check this and this

While I'm all for a call to arms (or hotfixes as the case may be), it turned out to be nothing as expected.

n0cmonkey · Jul 7, 2003

Originally posted by: SinfulWeeper
[4th of July jibberish]
http://www.nook.net/

Still going good and strong. I does not use that weak M$ servers BS. Already logged 11,232 attacks (my guess is 1000+/- in our own network) in the last 24 hours.
Lets see if the AT effect could tripple that amount. Nothin like a hacker wasting their time ... as if they don't do it enough anyway.

The only way that I have seen that somebody could break a linux system remotely is if the administrator was stupid by one of two ways, or both.
1. Leaving ports open... which is dumb. Kinda like leaving your keys in the ignition of your car down town.
2. Having an easy password... like the wife who always invites your friends over

But if we get hacked,
It'll make our system that much more secure for the next time

[/4th of July jibberish]

You forgot holes in the software, which typically isn't the admin's fault (unless there is a patch out there already). Unpatched software, which can be files into the dumb admin section. And of course general protocol fun.

OT - Hackers - Just an FYI

Diamond Member

Lifer

Member

Diamond Member

Golden Member

Lifer

Diamond Member

Diamond Member

Lifer

Lifer

Member

Lifer

Diamond Member

Diamond Member

Platinum Member

Banned

Golden Member

Lifer

Diamond Member

Elite Member