Free Republic

Hacking problem on our website...neverevernosanity webworm generation 13
http://www.paxbaculum.com | 12/20/04 | armedanddangerous

Posted on 12/20/2004 7:03:43 PM PST by Armedanddangerous

Some friends and I have operated a self defense survival and conservatism website called www.paxbaculum.com.

This afternoon someone apparently took control of it with a worm called neverevernosanity webworm generation 13.


TOPICS: Miscellaneous; Technical; Your Opinion/Questions
KEYWORDS: cyberterrorism; hackers
To: johnny3

Okay, I give up. Why would anyone want to open an unsolicited PowerPoint presentation that has absolutely nothing to do with the discussion at hand?


21 posted on 12/20/2004 7:54:41 PM PST by Prime Choice (Merry Christmas and a Happy New Year! ...And no, my powers can only be used for Good.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Prime Choice
Noooo! Not a total re-FReep-boot!..kidding.. gotta do what you gotta do. I am not finding anything on the name. Bet it is a renamed clone. Is there a DoS coming from zombie members?
22 posted on 12/20/2004 7:55:44 PM PST by Splatter (A foolish man is able to learn, has the opportunity, and does not do it..)
[ Post Reply | Private Reply | To 18 | View Replies]

To: Prime Choice

Something like this? http://www.securityfocus.com/advisories/7600


23 posted on 12/20/2004 7:57:01 PM PST by Splatter (A foolish man is able to learn, has the opportunity, and does not do it..)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Prime Choice

I'm sorry, I should have said work stations, but also notice some NAT routers have built in Fire Walls.


24 posted on 12/20/2004 7:57:26 PM PST by Wiz
[ Post Reply | Private Reply | To 16 | View Replies]

To: Prime Choice

He's a troll spammer. Just checked his history. He's been posting that link on lots of threads.

I already hit the abuse button. What a dork.


25 posted on 12/20/2004 7:59:38 PM PST by mplsconservative (All I want for Christmas is a new pair of pajamas. My old ones are FReeped out!)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Splatter
Noooo! Not a total re-FReep-boot!

Yes! Yes! By the stuned beebers of Freepdom, yes! ;o)

I am not finding anything on the name.

Ditto here. Got goose-eggs. And no indication of a Linux-based worm hitting web servers.

Bet it is a renamed clone. Is there a DoS coming from zombie members?

I don't see anything on a DDoS right now. I'm suspecting that somebody's workstation got boinked and the attacker leveraged access into the server from there. Wish I had a nickel for every time I've seen it done.

26 posted on 12/20/2004 8:01:11 PM PST by Prime Choice (Merry Christmas and a Happy New Year! ...And no, my powers can only be used for Good.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: mplsconservative
He's a troll spammer. Just checked his history. He's been posting that link on lots of threads.

Ditto. Just found him on another, unrelated thread. Ugh.

I already hit the abuse button.

Likewise. He'll be a smoking crater any moment now.

What a dork.

You read my mind. *smack* Stop that. ;o)

27 posted on 12/20/2004 8:02:27 PM PST by Prime Choice (Merry Christmas and a Happy New Year! ...And no, my powers can only be used for Good.)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Armedanddangerous
This piece of freeware might help:

Sam Spade

Sam Spade for Windows is a freeware network query tool.  It may help you in tracking the perp.  It's also helpful to track & nail spammers.

Checked Symantec and McAfee and the worm you mentioned is not yet listed there.  Try checking them in a few weeks.  They are usually pretty good at catching new stuff before it really spreads too far.

Good Luck.

28 posted on 12/20/2004 8:06:14 PM PST by RebelTex (Freedom is Everyone's Right... ...and Everyone's Responsibility!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Wiz
I'm sorry, I should have said work stations

No worries, FRiend. Please forgive me if I came off as grumpy. I just finished summarizing a 600-page standards evaluation of a new server and a NOC. Not for the faint of heart.

but also notice some NAT routers have built in Fire Walls.

This is true...and I have an absolute blast when someone has a server behind a firewall that talks to the world. Firewalls are, unfortunately, no panacea when the world-accessible service (and its associated applications) are vulnerable to remote attack.

29 posted on 12/20/2004 8:06:35 PM PST by Prime Choice (Merry Christmas and a Happy New Year! ...And no, my powers can only be used for Good.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Prime Choice

Tee-hee.

Just lurking on this thread trying to learn some of the lingo.

I'm technology challenged.

I do know how to spot a dorky troll though. (:

Merry Christmas and a Happy New Year, Prime Choice!


30 posted on 12/20/2004 8:08:51 PM PST by mplsconservative (All I want for Christmas is a new pair of pajamas. My old ones are FReeped out!)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Abcdefg; Armedanddangerous; Prime Choice
Of course, it may be an innocent party's PC they have installed a "zombie" on.

Or some poor guy who did not protect his wireless network.

31 posted on 12/20/2004 8:11:21 PM PST by RadioAstronomer
[ Post Reply | Private Reply | To 4 | View Replies]

To: Splatter

Ah-ha! I think you nailed it. Yup...I'd say that vector of attack seems most likely, considering the current installation. Good work, FRiend!


32 posted on 12/20/2004 8:11:35 PM PST by Prime Choice (Merry Christmas and a Happy New Year! ...And no, my powers can only be used for Good.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Prime Choice

This you?
http://client.grc.com/news.exe?cmd=article&group=grc.security&item=99653&utag=


33 posted on 12/20/2004 8:11:37 PM PST by Splatter (A foolish man is able to learn, has the opportunity, and does not do it..)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Armedanddangerous
If you go to your hacked second page you will see something like this.

DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > HEADBODY bgcolor="#000000" text="#FF0000"> H1>This site is defaced!!! ADDRESS>NeverEverNoSanity WebWorm generation 13.

Check the html on the same page in your computer publishing program. If it is ok why not try to republish the site. If the file in your computer looks like the html I have posted above your computer has been hacked and not the website, redo the page and try to post it. - Tom

34 posted on 12/20/2004 8:13:08 PM PST by Capt. Tom (Don't confuse the Bushies with the dumb Republicans - Capt. Tom)
[ Post Reply | Private Reply | To 1 | View Replies]
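
The check suggested in post 34 (compare the publishing copy on your own computer with what the server is handing out) can be scripted. The sketch below is an added example, not part of the original thread or any poster's code; the directory layout, function names and sample files are assumptions, and the sample trees are constructed so it runs offline.

```python
import tempfile
from pathlib import Path

# Marker text from the defaced page quoted in post 34 (matched case-insensitively).
MARKER = b"neverevernosanity webworm"

def _files(root):
    root = Path(root)
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}

def _defaced(path):
    return MARKER in path.read_bytes().lower()

def triage(local_root, served_root):
    """Classify each file: local publishing copy vs. copy downloaded from the server."""
    local, served = _files(local_root), _files(served_root)
    report = {}
    for rel in sorted(local.keys() | served.keys()):
        if rel not in served:
            report[rel] = "missing-on-server"
        elif rel not in local:
            report[rel] = "unexpected-on-server"   # you never published this file
        elif _defaced(local[rel]):
            report[rel] = "local-copy-defaced"     # the workstation itself is suspect
        elif _defaced(served[rel]):
            report[rel] = "server-copy-defaced"    # changed on the server only
        elif local[rel].read_bytes() != served[rel].read_bytes():
            report[rel] = "modified-on-server"     # differs, but no known marker
        else:
            report[rel] = "ok"
    return report

def demo():
    """Constructed sample trees (hypothetical file names); no network access."""
    bad = b"<H1>This site is defaced!!!</H1><ADDRESS>NeverEverNoSanity WebWorm generation 13."
    with tempfile.TemporaryDirectory() as tmp:
        local, served = Path(tmp, "local"), Path(tmp, "served")
        local.mkdir()
        served.mkdir()
        (local / "index.html").write_bytes(b"<h1>Home</h1>")
        (served / "index.html").write_bytes(b"<h1>Home</h1>")
        (local / "page2.html").write_bytes(b"<h1>Gear</h1>")
        (served / "page2.html").write_bytes(bad)
        (served / "x.php").write_bytes(b"<?php /* constructed */ ?>")
        return triage(local, served)

if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:22} {rel}")
```

Files reported as `unexpected-on-server` or `modified-on-server` deserve a look before republishing, since simply overwriting the defaced page leaves them in place.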

To: mplsconservative
Just lurking on this thread trying to learn some of the lingo.

What's your level of experience and expertise thus far?

I'm technology challenged.

Just remember: the only dumb question is the one that isn't asked. :o)

I do know how to spot a dorky troll though. (:

That's a marketable trade in these parts! :o)

Merry Christmas and a Happy New Year, Prime Choice!

Merry Christmas and Happy New Year wishes to you and yours, too!

35 posted on 12/20/2004 8:16:11 PM PST by Prime Choice (Merry Christmas and a Happy New Year! ...And no, my powers can only be used for Good.)
[ Post Reply | Private Reply | To 30 | View Replies]

To: Prime Choice

Glad I could help.


36 posted on 12/20/2004 8:16:14 PM PST by Splatter (A foolish man is able to learn, has the opportunity, and does not do it..)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Splatter
This you?

Nope. This is. :o)

37 posted on 12/20/2004 8:17:51 PM PST by Prime Choice (Merry Christmas and a Happy New Year! ...And no, my powers can only be used for Good.)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Prime Choice
That worm hit other websites, too.

Which sites? There have been no such reports on any computer and network security lists that I'm on.


http://www.vizacc.com

This is the site I found hit with the worm. I had accessed it a bit earlier in the day. Then, later in the afternoon, I tried to access it again, and it showed the 'worm' information. It still isn't back up and running.
38 posted on 12/20/2004 8:23:12 PM PST by TomGuy (America: Best friend or worst enemy. Choose wisely.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: TomGuy
This is the site I found hit with the worm. I had accessed it a bit earlier in the day. Then, later in the afternoon, I tried to access it again, and it showed the 'worm' information. It still isn't back up and running.

Odd. The vizacc.com site runs on IIS/5.0, whereas the other site runs on Red Hat Linux. There are no worms that are capable of attacking two OS's (so far).

39 posted on 12/20/2004 8:35:45 PM PST by Prime Choice (Merry Christmas and a Happy New Year! ...And no, my powers can only be used for Good.)
[ Post Reply | Private Reply | To 38 | View Replies]

To: mplsconservative; Prime Choice

Gee guys, ranks-a-rot. lol

I just spent 10 minutes trying to figure out why you wanted to have Armedanddangerous zotted. I checked all his recent posts, (even read through some of the threads), and his join date, etc. He seemed fine to me - never found where he posted the same link all over the place.

[OK,OK, so I should have followed the trail to post #19 which had already been deleted by the time I read the thread.]

Could ya'll do me a favor and mention the poster's screen name when you start talking about zotting someone. It sure would help to make more sense of the thread. I'd really appreciate it.

Thanks, guys.
;^D

FReegards


40 posted on 12/20/2004 8:52:48 PM PST by RebelTex (Freedom is Everyone's Right... ...and Everyone's Responsibility!)
[ Post Reply | Private Reply | To 25 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson