Hack Attack on Men's News Daily

Men's News Daily ^ | 17 December 2004 | Self

[mrustow]

Men's News Daily, one of the most popular Web sites for commentary and news, has been hacked by a group calling itself "Rebellious Fingers Brazilian Defacement Crew." The conservative Web site has ben replaced by a Web page from the presumably Marxist hacker group.

In recent years, many leading conservative Web sites, including towhnall.com, lewrockwell.com, and the no longer in business toogoodreports.com, have been hacked by leftwing groups.

Mens News Daily editor-publisher Mike LaSalle has not responded to queries as to the duration or source of the attack, or when the site might return to service.

[escapefromboston]

hackerz r sooo kewl. LOL
I want 2 b a hakcer when i grow up.

Like being a liberal wasn't pathetic enough.

[GOP_1900AD]

Brazil is following in the footsteps of Cuba. Communism is spreading like a disease throughout the hemisphere. Circle the wagons, boys.

[Prime Choice]

These kids aren't hackers. They're scriptkiddy defacers. There's a massive difference.

[Prime Choice]

Ack. No wonder the site got hit. It's low-hanging fruit. It's running with FrontPage and PHP. Bad news, no matter which way you slice it.

[Mike Bates]

Found this out when I tried to log on early this morning. Sent an email to Mike, but he's probably really busy.

A fine site, hope it's back up soon.

[JoJo Gunn]

[mrustow]

BTTT

[MineralMan]

This happened this morning, I believe. I saw a post about it early when I logged on today.

Here's the question: Is the site self-hosted or is it hosted by another company? I have two sites that are hosted by a hosting company. I called them today and asked what they could do if my site was hacked like this one was. The Tech Support guy told me that I could call them on the phone and they'd confirm who I was, based on the information they have there. They'd then put a placeholder page on the site, after removing the data. I could then re-upload my site at my convenience, once they changed the passwords for me.

If it were on my own server, it would have been even easier. The hacked site would no longer be visible, because I'd just unplug the connection to the net until I had the site restored.

I guess I don't get why this hacked version is still up and available. Anyone have any idea?

[Beaker]

*ping*

[Ryan Spock]

I guess I don't get why this hacked version is still up and available. Anyone have any idea?

Nope. As a webmaster of several sites and general web-geek, I can't fathom why they couldn't at least replace it with a stupid little "Website Temporarily Down" page or something.

I guess they have a very unresponsive hosting company, or nobody on staff who really understands the most basic workings of internet technologies.

[MineralMan]

"Nope. As a webmaster of several sites and general web-geek, I can't fathom why they couldn't at least replace it with a stupid little "Website Temporarily Down" page or something.

I guess they have a very unresponsive hosting company, or nobody on staff who really understands the most basic workings of internet technologies."

Well, I'm assuming they hacked the password used for publishing the website at the host, since the site was done in FrontPage. Still, a decent host has backup confirmation information on the registree. Mine certainly does. I have three test questions I can use to confirm my identity, plus my phone number which is the same as the one in the registration info.

The tech I spoke to today said that it would be no problem to change passwords for me and pop a temporary index page up to say the site was down. Once the new password was in place, I could simply re-publish the site.

If I was using my own server, it would be child's play, of course.

[Ryan Spock]

The tech I spoke to today said that it would be no problem to change passwords for me and pop a temporary index page up to say the site was down. Once the new password was in place, I could simply re-publish the site.

Exactly. This should take less than 5 minutes, assuming a live human being is available at the web hosting company. It's my understanding that this particular site has been down for several hours or more.

[MineralMan]

Well, the guy uses hostway.net for his hosting. He's listed, though, as the only contact in his whois data, so maybe he's running a remote server through hostway. That would make it possible a little more difficult to get the temp page up, I guess.

Still, hostway.net is fairly large. You'd think they could do something.

[Ryan Spock]

And whatever the case, since it's a conservative site, I wish them well -- hopefully somebody will get things figured out, get the page fixed, and ultimately get it back on line with all the security holes plugged, so it doesn't happen again.

[mrustow]

These kids aren't hackers. They're scriptkiddy defacers. There's a massive difference.

Mind explaining the difference?

[mrustow]

Hacker Devil Zing!

[mrustow]

Hacker Devil Zing!

[Prime Choice]

Gladly.

1. Hacker (hak-ker), [n]: 1. A person who has a real love of the technology and knows it on a very intimate level. 2. First coined at MIT and at Berkeley where people understood the technology so intimately they could literally navigate around it in the dark. 3. Originally deemed a compliment to someone of exceptional technical skill.
2. Cracker (krak-er), [n]: 1. One who breaks into systems using someone else's exploit code. 2. See also: Scriptkiddy.
3. Scriptkiddy (scrihpt-kih^dee), [n]: 1. A computer user who utilizes the work of other more skilled people for personal gain, typically without giving anything back to the computer security community; 2. A computer user who maliciously, and without authorization, modifies the contents of Web sites; 3. A computer user who claims a higher skill level than he or she genuinely possesses.

[mrustow]

Hacker Devil Zing!