Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: NativeTexun
Congratulations, Native Texun! This is great, you appear to be a newbie and here you've posted a news story as a response. This is amazing, fantastic, superb!

Some newbies would post a Vanity, non-news story or post a story already in discussion as a brand new thread. I'm very impressed. You must have read all the hints, guidelines, etc.

BTW, I'm a newbie myself compared to the many thousands of other FReepers.

Welcome!

17 posted on 02/04/2005 12:54:46 AM PST by bd476 (God Bless those in harm's way and bring peace to those who have lost loved ones today.)


To: bd476

Thanks .. I just Google'd "Infektion Group" and got lots of hits telling me there were other sites hacked in addition to Cyndislist.com. It seems the hackers have been quite busy lately posting that same message and picture on a number of sites.

If I remember correctly, they're from Brazil.

This is a much appreciated response from last week when I was accused of being a troll.


18 posted on 02/04/2005 1:25:22 AM PST by NativeTexun ("If you don't live in Texas, you don't live in the United States.")

To: bd476

Here's an interesting message they left at this site:

http://www.inside-thailand.com/

(the "F" word edited with "*" for purposes of posting to forum)
___________________________________________________________

Join against them before it if joins against you

greetz: Infektion Group members, Innocent boys, siemens, my real friends and all the peaple that help us.

And a big Fu*k to : all the peaple that hate us, USA and your government imperialist,

all the Neonazists, Bush, Tony Blair ( the dog of Bush ), coca-cola.


19 posted on 02/04/2005 1:34:33 AM PST by NativeTexun ("If you don't live in Texas, you don't live in the United States.")

To: bd476

Here's one more of interest that appeared after Bush was reelected.

http://scatoday.net/node/view/3111

East Kingdom web site defaced by protest group
Submitted by Justin on Thu, 2004/11/11 - 16:20. East | Modern Society | SCAtoday.net

Political protesters temporarily defaced the home page of the SCA's East Kingdom earlier today, replacing it with a page of their own creation.

A group of self-proclaimed "cyberterrorists" calling themselves the "Infektion Group" [sic] replaced the home pages of over 100 sites on the same server as the East Kingdom site with their own page protesting the U.S. election results. The defaced page read:
___________________________________________________________
Infektion Group Owned You

CYBER-TERRORISM

The war of the lier Bush feeds the hate
each day grows more and more!

dominusvis@click21.com.br
_________________________________________________________

Below the text was a photographic image of the Brazilian flag. The word "owned" is a term used in hacker and cracker circles to indicate that a site's security has been compromised. Misspelled words, such as "liar" and "infection" in the above, are often intentionally part of so-called "hacker-speak" or "L337-speak" (pronounced elite-speak), a way to present an edgy image. The misspellings may also be due to the page having been created, apparently, by Brazilians, whose native language would most likely be Portuguese.

The click21.com.br domain belongs to a Brazilian company located in Rio de Janeiro, though of course there is no proof that the company knew anything about the attack, since anyone could have put that email address into a web page.

Robin Gallowglass, the East Kingdom Web Minister, says the attackers struck at about 12:53 a.m. US Eastern time, and that he first learned of the attack at about 8:00 a.m. "I was able," he says, "along with my fellow system administrators, to identify the vulnerability that was exploited and plug the hole. The defaced index pages were replaced from backups by approximately 9:30 a.m." Gallowglass says extensive backup precautions saved the day, and that he has an automated backup process that makes archival copies of the web page multiple times per day.

Gallowglass says that an unfortunate default setting in the security of the PHP web programming language was to blame. The PHP software itself had not failed, but the incorrect setting "allowed a file name for an included file to be either a path to a file on the local file system or a remote URL. This allowed the attackers to inject malicious PHP code that allowed them access to all the websites on the server." This sort of remote scripting exploit can happen in many web programming languages, and has been reported in numerous cases for both Linux and Microsoft web servers. In the case of this particular server, it was a Linux machine that was affected. The equivalent Microsoft technology, Active Server Pages (ASP), has been subject to the same kind of error in the past.

Gallowglass says that the server administrators are careful about security, and blames poor documentation for the fact that this vulnerability "was missed in our periodic security audits." The vulnerable default setting has been changed, and Gallowglass and his colleagues took advantage of the server downtime to upgrade the Apache web server and the PHP programming language to their most recent security patch levels.

Computer security experts say that security is never perfect, in spite of a system owner's best efforts, and that off-site backups of important data are an essential part of site management because these are isolated geographically from the compromised system. In this incident, those off-site backups allowed fast recovery.


20 posted on 02/04/2005 1:42:51 AM PST by NativeTexun ("If you don't live in Texas, you don't live in the United States.")
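
The article quoted in post 20 blames a PHP default that let an included file name be a remote URL, a setting the administrators say their audits missed. As an added example (not part of the thread, the quoted article, or the East Kingdom administrators' tooling), the Python sketch below audits a php.ini for that setting and lists includes built from a variable. The function names and sample inputs are constructed for illustration; the directive names `allow_url_fopen` and `allow_url_include` are PHP's own.

```python
import re

# php.ini booleans: these spellings mean "enabled"; anything else is off.
TRUTHY = {"1", "on", "yes", "true"}

def ini_flag(ini_text, name, default):
    """Return the effective boolean for a php.ini directive (last one wins)."""
    value = default
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ; comments
        m = re.match(rf"{re.escape(name)}\s*=\s*(.*)$", line, re.I)
        if m:
            value = m.group(1).strip().strip('"').lower() in TRUTHY
    return value

def remote_include_possible(ini_text, php_has_allow_url_include=True):
    """True if include/require may fetch a URL under this configuration.

    allow_url_fopen defaults to On. allow_url_include (PHP 5.2+) defaults to
    Off; older releases have no such directive, so allow_url_fopen alone decides.
    """
    fopen = ini_flag(ini_text, "allow_url_fopen", True)
    if not php_has_allow_url_include:
        return fopen
    return fopen and ini_flag(ini_text, "allow_url_include", False)

# include/require whose argument contains a PHP variable
DYNAMIC_INCLUDE = re.compile(
    r"\b(?:include|require)(?:_once)?\b[^;]*\$\w+", re.I)

def dynamic_includes(php_source):
    """Return (line_number, text) for includes built from a variable."""
    return [(n, line.strip())
            for n, line in enumerate(php_source.splitlines(), 1)
            if DYNAMIC_INCLUDE.search(line)]

# Constructed samples, not taken from the affected server.
SAMPLE_INI = "; constructed sample\nmemory_limit = 8M\n"
HARDENED_INI = "allow_url_fopen = Off\nallow_url_include = Off\n"
SAMPLE_PHP = """<?php
require_once 'config.php';
include($page . '.php');
include 'footer.php';
"""
```

A php.ini that never mentions the directive still counts as exposed on releases before PHP 5.2, which is the "default setting" case the article describes; each flagged include should be checked against a fixed list of allowed file names.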



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson