Banning defaced site posts. Policy change?

deRanged

As long as it's only posts consisting of lists of defaced websites that are banned then I'm totally in favour.
Defacements per se are not good topics for discussion, the vulnerabilities behind them may well be.
I'm presuming that it will still be possible to say things like, "wow, IIS is getting a hammering this week, I wonder where I might find out if my website is vulnerable to all these hacks/defacements I've been hearing about in the news."

Lord Khan

kinda have to agree ... the amount of posts about defaced sites is getting stupid... yeah we know they've been defaced we all look at the site Attrition but as X_Or said they've practially stopped. I'm not that interested in where gets defaced to be honest... oh jeeze another site got defaced lets look at it ... they are never much to look at few lines of text and a shout out.
I do have to agree about Tom's "Stop giving me a shout out" posts, one would have been enough ... and why tell us ... go to #hackers_ireland on d*lnet that's where all the l33+ are.

I think deleting posts announcing them is probably an ok idea ... but let the discussion about them go on at least.

don't read those q news post at all .

DeV's got my support on the policy. not that it manners since it's not a democracy anyway hehe.

and it's not exactly script kiddies posting about the defacement either ... afaik with out having to return to the topic list ... there was Tom@the box and gandalf (jeeze who'd even consider him a kid? :biggrin: )

Evil Phil

Not really in the security field myself as such, but I do need to know stuff about webservers. So I come here and read. Posting defaced sites though doesn't seem to achieve anything other than a bit of infamy for the idiots. I say ban them.

However, discussions on patching exploits (not the exploits themselves) would be a good idea.

ecksor

I don't like the idea of banning anything. Actually, if I'd banned one of the "site defacements" posts it'd probably have looked like I was doing it because he accused me of doing them

The general opinion seems to be a call for more moderation, which I don't have a problem with doing. Opinions?

ecksor

Again, this is not a democracy. No guarantee that I'll do what you suggest, but I will listen.

Obviously if DeV wants them banned, they'll be banned.

Lord Khan

<font face="Verdana, Arial" size="2">Originally posted by X_OR:
I don't like the idea of banning anything. Actually, if I'd banned one of the "site defacements" posts it'd probably have looked like I was doing it because he accused me of doing them

The general opinion seems to be a call for more moderation, which I don't have a problem with doing. Opinions?</font>

nah moderation here is grand cleanest forum of the lot really always a joy to read no spamming muppets here ... I just think really people should stop posting " ***** site was just hacked/defaced" and possible delete or troll any post that is purly posted for the sake of it. tom in fairness was trying to voice an opinion or defend him self over it ... but saying he thought it was you was a bit overboard, defacing is a bit below even you . you just like screwing people around that's all

DeVore

Discussion is always welcome,
for god's sakes guys I was one of the two people who set up Electronic Frontier Ireland and I'm a card carrying member of Amnesty International, freedom of speech is very important to me.

What I am trying to avoid is the security boards turning into an announcement board for kidiots.

If you recall correctly, I was the one who created the board in the first place and I was pretty sure that we'd be sailing close to the wind on topics discussed.

Thats cool, boards was always a place you could talk about stuff like that. BUT and its a big but, I dont want to provide a platform for announcing *greetz* and parading the latest vandalism.

Discussing holes (provided it isnt a "how to hack this hole" post) is always welcome, without discussion we wont know how to fix them or what patch to apply.

<font face="Verdana, Arial" size="2">I'm presuming that it will still be possible to say things like, "wow, IIS is getting a hammering this week, I wonder where I might find out if my website is vulnerable to all these hacks/defacements I've been hearing about in the news."</font>

Thats a very good definition of what this board is about deRanged.

DeVore.

jd

defaced sites are boring at this stage.
If someone is really interested in displaying them to the world let them set up their own "l33t" :-) web site

logic1

Yeah I'd agree on a ban on posts simply stating hacked sites or linking to hacked sites.
If anyone wants a listing I believe Bedlams site is usually about the most up to date list of cracked irish sites and mirrors of the crack itself.

This security board wasn't implemented as a broadcast vehicle for the infamy of idiots.

I also believe that this security forum hasn't quite taken off yet because there is so much discussion about what should and shouldn't be discussed here. I believe this is deterring people from posting as they may think it isn't a suitable topic etc..

Maybe a set of guidelines detailing what the purpose of this forum was envisioned to be at it's time of creation may show people the guidelines in which to follow and what is and isn't considered suitable.

IMO anything security related which provides a certain amount of useful information on a given topic that serves to educate is more than acceptable.

These "i h4xx0r3d www.spunkmunkey.net posts are neither informative or interesting.

.logic.

ecksor

Logic, we don't give a damn that you cracked spunkmonkey.net, please take your script kiddie nonsense elsewhere.

logic1

I find the term script kiddie offensive and am on the way to humaities as I type. I'd rather be called "Neuroly challenged yet compiler savvy"

.logic.

fisty

spunkmunkey.net hacked?
nooooooooooooooooooooooo!!!!!

Cake Fiend

wh33t, free passwords.

DeVore

wow, that was one of the longest On Topic posts I've seen on boards

Ok, back to topic now.

DeV.

(pity about spunkmunkey.net though...)

Talliesin

There is no point in defacement notices:

1. They don't prove anything; a defaced site could be the most secure site in the world apart from one hole that a kidiot tool found. A site that was never defaced may be wide open.
2. They don't add to our knowledge of security.
3. They don't create an interest in security, or to the extent that they do they create much more clueless hype and Info-Sec could do with less.

If a big name gets defaced, or someone we know (like here for instance) then there's understandably some interest.
If a rash of defacements are known to be linked to a particular hole then it could actually be useful.

For the most part it's just crap.

Being good at computer/information security is the geek equivalent at being "hard". Posting umpteen defacement notices with no useful information is the geek equivalent at acting hard when you're not, it's nothing but macho posturing crap.

It's no different than people who mail everyone with pointless warnings about virii that are no different than the other virii we already know about (every ****ing time I get 0 virii and 10+ warnings in my mail, never mind the Spamming of boards and newsgroups).

Ban them.

The "freedom of speech" aspect isn't an issue, it's not like we're banning them anywhere on the entire Internet.

DeVore

I'm considering and discussing the option of removing posts which are vehicles to announce web-defacements on these boards.

Thats NOT what this board was created for, it was created to discuss security in a positive and constructive manner.

In keeping with our usual policy changes I'm opening this up to the community for discussion. Its not a vote, this isnt a democracy, but its a chance to voice opinions and put forward arguments for and against allowing such posts.

I want to be clear what we are discussing here. I'm proposing banning posts which consist solely or primarily of announcements of lists of defaced sites as we have seen in the past week.

I'll post my views on it below as I dont want to mix my opinion with the suggested policy change.

DeVore.

fisty

I agree completely,
Let the script kiddies set up their own boards if they want to show people how 3|337 they are.
I have absolutely no problem with that policy change.

p.s. lol?

fisty

er devore, since your here - how do i change my face beside my name - crazy homer gets old, quick.

root

I realise this isn't a democracy but here are a few points I would like to make.

I would be not in favour of banning defaced website messages.

This is one of the few sites related to Irish security that is frequently updated.I mean the electronicnews.net security section is so slow to update that their last defacment news was May 5th.Also Hackwatch seems to be quite slow to update.

I feel that it is in the publics interest to have a free flowing discussion on such items, and the best place for that is boards.ie which has continual input from the community.

Lenny

Fisty, if you look just right above devore's post
you will see this

profile | register | preferences | faq | search 

Click on the profile, and type in your username and pssword, then you will see your profile and to change you icon, it will be the first option at the top.

Pablo

'tis the smartest thing to do .

you have my support DeVore

Hobbes

Got my vote Devore. Poor kiddies have no score board since attrition.org shut it down.

DeVore

Root, you havent actually put forward a reason *why* letting those sites be published is a good thing.

This isnt a democracy but its not a dictatorship either. This policy is up for discussion and argument can sway the decision on it.

Right now my thinking is that we are the stage on which these defacers announce their vandalism.

I notice that Attrition.org is to cease mirroring defacements now, I can imagine for the same reason.

Are we actually doing any good proclaiming these defacements to the world or are we just jerking the kidiots off.

I mean, is this really newsworthy?

DeVore.

Hobbes

I don't know devore I think I've changed my mind. I mean you have any idea how vital it was to my life to know that Portlaoise credit unions website was hacked!

ecksor

Attrition stopped mirroring defaced sites because the workload got too much and was no longer "just a hobby".

ToM's recent "stop giving me shoutz to _all_ of these defacements, <insert list here>" type threads are a bit off putting.

Personally, I think that any sort of ban on discussion is a bad thing. Highlighting defacements is good and bad, good from the point of view of possibly raising awareness of a need for security amongst people, and bad because it gives retarded h4x0r brats a chance to spout and gives them the attention the desperately crave.

Personally, I don't care enough about their ego trips, and I don't think that stopping them from advertising here will stop defacements from happening. Having said that, pointless threads will be locked and/or moved to trolls.

meglome

I think it's most likely that the defacements have got worse since our script kiddie friends have got a forum to boast about it. But whether this means we should stop them is another thing. The reality is that these sites are vulnerable to attack and may contain confidential information about all of us. I personally don't want my Credit Card details available to the world, so maybe these defacements will have a positive affect on admins securing web servers in Ireland properly. It does seem at the moment that, on the whole, security is very poor. Our own website hosted by UTV Internet was defaced www.doesnotcompute.ie/misc/defaced.htm
But our own internal systems are kept very secure as we make a conscious effort to ensure this.

Don't shoot the messenger, fix the problem.

---

www.doesnotcompute.ie
www.gamire.com

amp

Actually I'd class the boards as a benevolent dictatorship, something like China only with a better human rights record

I strongly disagree with the proposed policy change because it's essentially censorship for imho are the wrong reasons.

Yes some of this script kiddies might well try and use Security as a "look at what me and |33t mates did" kinda place. So, are we going to just pretend that sites don't get hacked?

Would the Evening Herald decide not to publish stories on factory break-in's even if it was the criminals who tipped them off?

Removing posts linking to defaced/hacked sites is the equivilant of sticking our heads in the sand.

Besides if the skiddies come here to boast then isn't that going to make it easier to catch the morons?

---

Lunacy Abounds! GLminesweeper RO><ORS!
art is everything and of course nothing and possibly also a sausage

[This message has been edited by amp (edited 24-05-2001).]

Lord Khan

Don't think freedom of speech is much of an issue. Not sure how the admins look at it.

The Irish constitution may guarantees freedom of speech, this is not a public place or public forum. Ok, just to clarify that, I treat the aspect of having to register as being an invitation to join as such and the fact that you have to register making it private not public. The Guys owns all these pages and space is therefore allowed to censor or delete messages or words or BAN users as it pleases. And therefore, althogh the incidental words that they deem may be be offensive are censored, purposeful attempts to circumvent the censoring may result in being banned. Any information contained in any pages, generated or static is the property of Site owners.

not everybody who reads this forum will get the virii warning sent to them for various reason ( not subbed to the lists or what not , I don't sub to any virii mails I get enough mail already ).

think we have a practical consent towards the removal of simple spam "Defaced threads" by now?

btw dev like the term kidiots... should patent it asap :-)

Good Damit spunkmunkey.net ... isn't anywhere safe now? what's next? *minute silence in honour of spunkmunkey*

Lord Khan

I can't under stand why People (while one person) keeps saying that the script kiddies have a forum to post on ... and thinking that they means these boards?

'cause afaik no script kiddies has put his work up here

FreaK_BrutheR

I do br quite interested in these posts really. dunno why. maybe cause i'd like to know how exactly its done and stuff. anyway as has frequently been said if you dont have an interest in it dont read the post.

---

_ _ _ _ _________ _ _ _ _
<A HREF="http://homepage.eircom.net/~cullenm&quot; TARGET=_blank>

</A>
http://run.to/pile

nitr0s

I don't think there is any point in telling us all about defacements on this forum.There are enough sites already that cover that area, so maybe just asking people not to post would be enough?
Defacing is an easy thing to do these days with so many problems in systems.
I think most administrators are lucky enough to have just the frontpage of the site modified.
For a start, how long would it have taken an administrator to discover an intruder without the page being touched? especially when the administrator doesn't take security that seriously, or does but doesn't have the time to attend to the problems.
Security isn't being taken seriously by the majority of admins in Ireland.Its still poor, and all admins can do is label the people breaking in as "lamers" "script kiddies" or some other lame excuse not to do their job, its pathetic.
After most defacements are done, you can be sure someone will be trying to get back in, from all corners of the world they come with their programs and scripts blazing, and if they do break in, they won't tell you.
In the schools around Ireland, most of the systems are being used for IRC bots and launch pads to other attacks, I've seen them.
The administrators don't seem to give a toss, you tell them "hey, look at this" and then check back later...whats done? **** all.
What needs to be done in order to point out how serious a problem it is? If one system is broken, you can bet in a short while, every single system on that network will be.
Defacing is very harmless compared to what could be achieved.
BTW: This is just what I think, If you don't agree with me, fair enough, i'm not asking you to.But I know at the moment in several major colleges with computer networks, they have been broken into and are currently being used to extend attacks.
I've seen one fellow from bulgaria, root a Linux system remotely because of the default services running and replace ALL the daemons with patched versions, programs like 'ls' 'ps' 'netstat'...etc to hide and cover his tracks.When I mailed the admin about the person there, he ignored me, I checked back a few days later and noticed the intruder had then installed a sniffer, IRC bot and updated the kernel aswell as vulnerable services.
Same thing happening up and down the country and admins just don't seem to care.
Maybe they do, but why aren't they doing somthing about it.

ecksor

Try to stay on topic.

Victor

What spooked me about hacking was when the lotto got done and one of the "hiya"s was to someone I know.

That person could just have easily just changed the night's lotto numbers and cost someone a few million.

I don't think these people should be allowed to expand their advertising but at the same time there are a lot of admins who are not keeping security up to date (and software publishers leaving a lot of holes in their product).

---

---

Changing call sign to SIERRA PAPA OSCAR OSCAR FOXTROT.

quozl

<font face="Verdana, Arial" size="2">Originally posted by Victor:
That person could just have easily just changed the night's lotto numbers and cost someone a few million.

[/B]</font>

Are you on drugs? No of course they couldnt have. The exploit being used for most of these recent attacks just lets you insert an arbitrary text string in. Hence the muppety short Greetz msgs.
quozl

[fist]de_psIRE

Personally, I wouldn't want the topic of defacements to me removed entirely from boards. There are valid discussions to be had in this area, which would be badly served by the inability to post links to certain defacements. How they were done, who is doing them, what can be done to resolve the problem are all valid topics in my opinion.

What I do not agree with is the posting of topics to show how impressive your own hacking skills are. For a start, these people are admitting to a criminal offense which I would view as being more suited to a discussion in a jail cell then in our respected forums. Secondly, I would not like to see boards become a meeting place for these people where they can then enhance there own abilities to cause more of these defacements.

koriordan

For what it's worth, I say let people post defacements and whatever.

Sure, they provide little or no use to anyone. The same could be said about 9x% of posts on this board, other boards, newsgroups, mailing lists, and just about every other public forum.

Mostly, this kinda thing is about killing time, ego-tripping, and religious debate, or am I grossly mistaken ?

Ah, I guess I kinda like script-kiddies. A million greetz go by and the next one's just as fresh, just as sharp and incisive as the first. Can't beat that script-kiddie wit. Odd, that.

wintermute

I also feel that they should be removed. The purpose of this board, from what I gather, is to provide a forum for the free discussion of thoughts and questions in the area of Infosec, not an "I hacked this" BBS.

There is a whole world of difference between the following to (imaginary) topics:

1. Interesting method of defeating an LMF VPN architecture - any fixes?

2. www.tired-and-overworked-sysop.ie hacked by Capt. *******; Any comments?

Boasts about blowing bits of IIS do not, in my opinion, belong on a forum which discusses system security. They should be consigned to /dev/null or other forgotten regions of the kingdom.

Final point: These people appear to have such empty boring little lives. Maybe they should put this time to good use and set up some FIDO Net nodes or dial-in BBSes something.

wintermute

<font face="Verdana, Arial" size="2">Originally posted by koriordan:
Ah, I guess I kinda like script-kiddies. A million greetz go by and the next one's just as fresh, just as sharp and incisive as the first. Can't beat that script-kiddie wit. Odd, that.

</font>

We used to have DEMOs for that. Do they still exist?

But then, those guys actually knew assembly!

cat5cowboy

<font face="Verdana, Arial" size="2">Originally posted by nitr0s:

Security isn't being taken seriously by the majority of admins in Ireland.Its still poor, and all admins can do is label the people breaking in as "lamers" "script kiddies" or some other lame excuse not to do their job, its pathetic.

BTW: This is just what I think, If you don't agree with me, fair enough, i'm not asking you to.But I know at the moment in several major colleges with computer networks, they have been broken into and are currently being used to extend attacks.
</font>

Thank god you aren't asking people to agree with you, your comments show what I already think of you, you are a muppet.
One day when you grow up and get a job as a system admin and realise how much you have to do before you think about security then you can comment on such matters, until then I would suggest you keep your mouth shut on such matters.

Colleges are places to learn, if only ssh was open and users couldn't run any daemons do you think people would learn as much with limited resources?
I will end it here because I don't think your post is worth taking apart, anybody with half a clue will have realised after the first few lines that it is crap and would have moved on.


[This message has been edited by cat5cowboy (edited 28-05-2001).]

koriordan

<font face="Verdana, Arial" size="2">Boasts about blowing bits of IIS ... should be consigned to /dev/null or other forgotten regions of the kingdom.</font>

Where the hell's that ?

ecksor

I find it hard to believe you're not familiar with the concept of /dev/null considering that you have spoken so authoritatively on the subject of system administration in the past.

http://tswww.cc.emory.edu/Applications/man2html?null

logic1

I didn't reply as I assumed he was joking.

.logic.

ecksor

Maybe he was.

Hobbes

<font face="Verdana, Arial" size="2">Originally posted by X_OR:
I find it hard to believe you're not familiar with the concept of /dev/null considering that you have spoken so authoritatively on the subject of system administration in the past.[/URL]</font>

You could say his output device was broadcasting nulls. (obscure BOFH reference).

JustHalf

Root you git! I wanted that name!

spod

but what about the nl: device on a proper os?

JustHalf

<font face="Verdana, Arial" size="2">Originally posted by spod:
but what about the nl: device on a proper os?</font>

Which OS is this then?

Hobbes

<font face="Verdana, Arial" size="2">Originally posted by koriordan:
Hmmm. /dev/null sounds like a poor imitation of the recycle bin ... seems you can't restore deleted items from /dev/null, unless I'm missing something.</font>

Actually it would be the same as "NUL" or "NUL:" in windows/dos which also came after /dev/null, not before.

ecksor

I think the OS he is referring to is VMS.

Anyway, DeV has ruled on this issue.
I'm going to close this and all the defacement threads now.

koriordan

Hmmm. /dev/null sounds like a poor imitation of the recycle bin ... seems you can't restore deleted items from /dev/null, unless I'm missing something.

ecksor

For it to be an imitation it would have to have come after the recycle bin. Also, it's merely a pseudo device that swallows input and is always empty when read from rather than having anything at all to do with deleting files.