My ISP was hacked...

[Guest JaseP]

My ISP,... ENTER.NET, was hacked tonight by a skript kiddie calling himself d3Tox. He apparently used an exploit in Apache to go root on the server and change every file named index.html on the machine to his little script kiddie message.

 

My ISP had the server back up in about 2 hrs., and luckily I had a backup of all my index.htmls for my website. However, any Linux user who does this sort of thing should be ashamed of themselves. These "L337 H4xorz" are nothing more than a group of cowards hiding behind a keyboard, thinking that their bag of script kiddie tricks are real knowledge.

 

This cyber-punk trashed a bunch of websites besides my own. They include the websites of several local police departments, fire-houses, and community action groups which service my community. My only hope is that this hacker is caught and introduced to the legal system. Of course I would hate to see this person anally raped in prison,... or would I ?!?!?!

[mtweidmann]

I agree with you, I hope they do get caught.

[linux_learner]

i dont trust anyone for anything. this makes good security sence. there are a number of good linux security administration sites. i also found the book "hacking linux exposed" a great resource. in order to secure your system, you must think like a hacker.

 

i do realise how annoying this can be, to have been hacked. while hackers such as this should be prosecuted to the fullest extent of the law, i do believe they also do us a favor. forcing us to secure what we niavely took for granted. forcing bad code in software to be fixed. security isnt like a firewall, or patches. security is a process. it is a process of checking logs, IDS, port scanning, patches and such. one that must continually, vigilantly be done. our job is to out hack the hacker. so while your anger is understandable, take this time to learn from it, to prevent it from happening again.

 

if your ISP hasnt already taken messures to fix this vulnerability, then you might consider advising them :wink: , and of course they should report it to the authorities. in order for the law to prosecute, the damage has to be in exccess of $5000. the damage, however can include investigation.

[Guest JaseP]

In Pennsylvania, where I live and where the ISP is located, it is a felony to disrupt or damage a computer system. There is no $$$ amount attached to it. So PA has local jurisdiction to fry this person. Granted,... this person probably isn't even in the USA. However, a warant for their arrest might still be entered, and international action might be taken if the cost of repairing the computer system was high enough.

 

On a related note,... My ISP restored all of the damaged files from backup, which meant that an improvement I made got revereted back to the old web design... I've since fixed it, but I can just imagine all of the problems compounded by this. I would wager to say that lost revenue and extra wages paid by the ISP for this problem probably exceeds the $5000 amount,... and I also gave them the e-mail address of one of the State Police Troopers who participates in the Computer Crimes Unit.

[Gowator]

So much for the brave new world.

 

Of course this sort of thing is upsetting but its no different from the kids who spray the subway's or whatever.

 

On occaision these kids become famous artists and some script kiddies also get recognition....

 

However, without recognition or acolade these script kiddies would starve. If you know what your doing then eventually most systems can be cracked, and like the subway companies locking the carriages away when they aren't used this just passes on somewhere else and eventually they are trashed anyway.

 

I think the best way to deal with these people is as vandals. People who damage proerty for no reason except the damage. Treating them as master criminals is just elevating them to a status they don't deserve.

 

Locking them in a prison to learn how to become real criminals os probably not a great way to deal with this. Unfortunately they are unlikely to be too stupid to learn how to use this for commercial profit rather than vandalism and once they do that and have funds stopping them is going to be somewhat harder.

 

If the kid can afford to keep a maintained server (or 10) in china etc. then how do you trace them next time. If I wanted to do this i would buy some hop points in places like china or FSU where I would be guaranteed a few cut-offs that are untracable.

[Sarissi]

Who says it has to be a kid? The culprit(s) may be agents of a hostile foreign power, or even something like Al Queda. There are all sorts of possibilities, including Anarchists.

[Gowator]

Who says it has to be a kid? The culprit(s) may be agents of a hostile foreign power, or even something like Al Queda. There are all sorts of possibilities, including Anarchists.

 

Erm this....

 

He apparently used an exploit in Apache to go root on the server and change every file named index.html on the machine to his little script kiddie message. 

 

This is just like spraying the subways!!!

 

 

Unfortunately, the US has gone from being unaware of what most of the world thinks of the US to assuming everyone is out to get them in a short time.

 

In Europe and elsewhere we have been living with terrorism all our lives.

When Europe and inparticular Russia were warning against the rise of islamic fundamentalism and Moscow was being bombed on a regualr basis the US got all PC and told them not to blame it on fundamentalists...

 

As i heard there was a mad scramble to get people into the intellegence services who actually spoke Arabic, it now appears that the shortage was so acute that some of these people that were recruited appear to be terrorists themselves...

 

Now If I had been brought up in the sure and certain knowledge that the only threat faced by my country was communism then I'd probably be in the same position. Its only natural BUT

 

In Europe we have a lifetimes experience...

I don't doubt that criminals will take advantage of this situation.... pure criminals without beliefs extending beyond their personal wealth. You will have a wave of incidents looking like they could be terrorist based just because everyone is ready to believe it.

 

But we have been through that now and we have developed our 6th sense with these things ...:wink:

 

All the evidence is for a script kiddy changing the index.html stuff. It might be something more sinister BUT do you want to waste time looking for this link or try and prevent something REALLY sinister happening....??

 

In England we have a saying (or had in my youth) 'blame the gas board'...

If the road needed digging up, it rained when the washing was out ... whatever. But now the attitude (which I am not criticising) is to look for Al Qu'eda's influence everywhere....

 

The attitude which i am criticising is when this is pushed beyond all reason....Connecting someone like Hussein with Al Qu'eda is a loosing proposition.... its like trying to implicate the English monarchy with anarchists. Even if they both dislike something enough they will never set aside their mutual incompatibilites long enough ....

 

So take Occam's razor ....

Its a script kiddie out for attention ...

OR

Its secret operatives who just deleted the index.html stuff as a cover as they used the ISP as a cut-off while hacking into the Pentagon ???

 

Six months later the team of people who might have usefully been doing something else report back that there was no connection .... OR

[GodFlesh]

Who says it has to be a kid? The culprit(s) may be agents of a hostile foreign power, or even something like Al Queda. There are all sorts of possibilities, including Anarchists.

 

 

 

Haaaaaa ! paranoia....

good laught !

 

 

What would be the goal of hostile foreign hackers ? They are interested in cracking important sites, like the pentagon. Or to hit you were it is the most efficient : ie money.

Who cares about a little isp lost somehere in the us ?

Nobody !

 

This is a skipt skiddie stuff. And like it or not, the majority of them are american, just because your country is huge and has a great proportion of computer/inhabitants and net access/inhabitants. Anyway, i would be real stupid to attack a site on your country. So lets says it a little vandal sript kiddie who is bored in front of is computer....

 

Last year, my debian server at home was hacked. But the guy was nice. He just left a little text saying he likes the style of the music i listen too :)

[Qchem]

> Of course I would hate to see this person anally raped in prison,... or would >I ?!?!?!

 

I know you feel strongly over being hacked (and I don't blame you), but do we need to resort to expressions like the above? I can think of a more suitable punishment involving pliers and a blowtorch...

[Guest JaseP]

> Of course I would hate to see this person anally raped in prison,... or would >I ?!?!?!

 

I know you feel strongly over being hacked (and I don't blame you), but do we need to resort to expressions like the above?  I can think of a more suitable punishment involving pliers and a blowtorch...

 

That would be painful,... yes. But it wouldn't carry with it the requisite humiliation...

[cjc]

Of course I would hate to see this person anally raped in prison,... or would I ?!?!?!

Master JaseP:

 

Do not your students require a live punching bag, with which to hone their Tang Soo Do techniques?

 

Master, I humbly submit this person would better suit your class than a PA prison.

 

Many pardons Master, for my evil thoughts, TSD is a pure art form, please leave the scum to us TKD devotees.

[Gowator]

So what if anything is different from this kid going aout and vandalising the public transport or whatever...

 

So far as I can see this is just a high tech equivalant of spray paining the subway.

 

Its no gain, accolade only....

 

WHY???

Why does society love to drag up a 'street artist' who has been vandalising a city for years (... all the better if they have AIDS ... society can show its compassion. )

 

WHAT IS THE DIFFERENCE .....??

 

How does (esp NY) polite society love to take these vandals and express how they were painting the subway and peopes property becuase inside they were just a tortured artist.

 

When one of these artists 'comes clean' and admits that in their youth they did 'street art' then lock em up somewhere they will be gang raped!!! Or use them as a kickbag.... ????

 

Locking these people up (or sending them to New Jersey) is only likely to turn them to doing this for profit....

Take the criminals who reform in prison and come out to sell their work...the work of a tortured mind.

 

If you must take these kids into your martial arts classes then please...

Do it with a sense of instilling some discipline and self respect into them.

Teach them to respect themselves and others ....

Teach them that high kicks look really cool !!!

 

Whatever ....

these people are crying for attention becuase they feel worthless.

Martial arts can instill a sense of puropse and discipline into anyone...

[Guest JaseP]

Of course I would hate to see this person anally raped in prison,... or would I ?!?!?!

Master JaseP:

 

Do not your students require a live punching bag, with which to hone their Tang Soo Do techniques?

 

Master, I humbly submit this person would better suit your class than a PA prison.

 

Many pardons Master, for my evil thoughts, TSD is a pure art form, please leave the scum to us TKD devotees.

 

There's no such thing as a "pure" Korean martial art...

 

Besides I don't want to soil my hands and feet on someone like this. I'd prefer to hear of someone else do the dirty work... Making them squeal like a pig from "Deliverance" would just be poetic justice.

[DragonMage]

Ok.. this is getting off topic now.. Martial Arts is definitely not related to how an ISP getting own3d. Although a good martial artist can protect against physical access to the computers, a good lock and key can do more with less money and maintenance.

 

Besides.. I prefer softer martial arts, like wushu, or taichi :P