www.eolas.ie, www.droghedacu.ie, www.portlaoisecu.ie DEFACED script kiddies !

LegacyUser · 21-05-2001 09:05PM #1

www.eolas.ie, www.droghedacu.ie, www.portlaoisecu.ie

A lot more Irish domains are under attack some lamer is posting me the address and shouting out to me with them I dont know ho my guess is its jerry.

Regards

Tom.

ecksor · 21-05-2001 10:24PM

1 - I never defaced a site in my life.
2 - If I did, do you honestly think I'd be doing it to impress someone as clueless as you?

DeVore · 21-05-2001 10:42PM

Defacing has to really be the sadest thing going, I mean its like children scrawling on the walls.

Its such an inherently destructive thing, it teachs nothing, it creates nothing, its not even artful. Its a loner's cry for attention.

DeVore.

Lord Khan · 21-05-2001 10:44PM

bubbles

nah seriously site defacing is really low though beneath script kiddies maybe?

Lenny · 21-05-2001 10:56PM

site's are all down now..
anyone got a saved page of them?

wintermute · 21-05-2001 11:33PM

I think that the recent defacings are a welcome wake-up call to remind some people that security isn't static but rather an ongoing process. Hopefully, it will prompt many organisations to examine the security of their own systems before a serious breach takes place.

If you think that this is perhaps a strange point of view, then take a case I was involved in not too long ago:

I get a phone call from a fairly new client saying that their website had been defaced. Because of the nature of the client's business, I carried out a full incident recovery, which discovered that it was nothing more than a standard script kiddie.

Now the scary part: This breach prompts them to retain me for a full audit. It turned out that they had a guy who had been in their system for about six weeks. This was no script-kiddie, he knew what he was doing and what data he wanted from the site.

If they hadn't been prompted a by a simple defacement to get a full audit then this guy would probably still be there, mining away.

In my opinion, a defaced website may be a pain in the ass and PR problem but, on a scale of 1 to 10, it's a 1.

Evil Phil · 22-05-2001 10:46AM

Somebody apparently has 'issues' with Irish Credit Unions. Perhaps they couldn't get a loan without their parents permission?

Hobbes · 22-05-2001 01:08PM

Originally posted by Lord Khan:
I think the main reason people hate script kiddies is simply they are out to destroy/damage not to do anything else. I

I think it's more because the script kiddie tends to have 0 clue about what thier doing.

The only thing I hate about defacements is the kiddie shows thier l33t HTML skill by posting a text file or 2 lines of text. I mean how lame is that. If your going to deface a site at least do a good job and make people laugh at it.

Also a lot of those "shoutz" seem to point to people who would shop the kiddie in a heartbeat if the cops came to them.

regi · 22-05-2001 06:01PM

But will they have fixed the problem (and checked for any other patches they missed)! Actually more to the point, why wern't they keeping up with the patching of their servers .

The trouble here is that very often Microsoft patches are terribly badly tested and badly implemented. I've seen MS patches kill more installations than powercuts, script kiddies and clumsy people with big feet.

I think if every admin could install the latest patch with confidence, rather than try it out on test machines, we wouldn't see nearly as many defacements. Most people reading this thread will remember the carnage caused by sp4 and sp6

Ronin · 22-05-2001 06:15PM

The box's aren't hosted by esat as such, they are hosted within our webfarm. The people who own the box are responsible for their maintanence and security, or lack of in this case

.

All are most likely running some version of IIS

Paul.

root · 22-05-2001 07:20PM

Can we shut up with all this Script Kiddie nonsense.

script kiddie has now become synonymous with any website defacement.

Before you call someone a script kiddie, consider why you can them a script kiddie..

- Do you know them ?

- Do you know their knowledge/skills ?
No, if you don't know their identify you can't claim to have better skills than the "script kiddie".

- Why do you revert to stupid steriotyping ?
That's not very intelligent.

- If you haven't researched what hole they
exploited or what they have actually done
besides the defacement , you don't have an
awful lot to go on.

Unless you know the person and are willing to state their name in public and risk legal action then calling them script kiddies make you sound like the kid.

If a company has paid 5000 for a website a zero for security I see this as their own fault.These defacements are a fact of life and will continue while incompetentent people administer security and websites.

You can't judge someone unless you know them.

Hobbes · 22-05-2001 07:42PM

Originally posted by root:

script kiddie has now become synonymous with any website defacement.

script kiddies pl.n. The lowest form of cracker; script kiddies do mischief with scripts and programs written by others, often without understanding the exploit.

Considering the IIS exploit is very well known it doesn't require a genius to run it.

Btw, big deal someone knows how to break into boxes using posted known exploits. They want some kind of recognition of how c00l they are and how l4m3 the admin is? Gimmie a break. The only people who should be getting credit are the people who found the exploit in the first case.

All script kiddies are is vandels.

DeVore · 22-05-2001 07:55PM

Root, explain this to me.

1. Boards.ie was defaced. It was a script, it wasnt even a very good script as it errored.

2. We didnt pay anything for this website design and cover the costs of the server from our pockets. We secure it by patching it ourselves. Patches are not necessarily good things, in fact it may be a recent patch that is causing us current instability.

3. The kidiot who did it didnt leave any indication of how they did it, so how are we to know what hole it is we were attacked through. Its likely the kiddiot himself doesnt know.

4. We do this for the community. You are using the boards we provide you to call us morons effectively. See those ads? They are non-paid for community ads, we've run them for anyone who has asked. How about you give something back to the community and post here latest relevant information on fixes and patches.

5. Why do you laud people who are effectively vandals and insult people who are trying to give the ordinary joe on the net somewhere to hang out. We arent a big corporate with millions of quid behind us, we're a bunch of regular net users trying to form a community that isnt backed by a big media company. We'd be a whole lot better off if we didnt have to spend a lot of our spare time rebooting the server and watching for this sort of crap.

DeVore.

DeVore · 22-05-2001 08:02PM

Also, you imply that we will have "learned" something from the experience. Well all I've learned is that we shouldn't have féckin bothered to try something different and you should all be left to the tender mercies of big companies like Esat No Limits and Eircom.

By attacking just anyone they drive the small guys out of business and the big guys have the budget to cover themselves. Congratulations.

But what does our kidiot care, he got his name in lights for 5 hours, and he's up on attrition.org right?

There used to be a political point to defacements but now its the cyber equivalent of "hey mom, look at me!" *waves*.

If you cant create, dont destroy the work of others and dont *even* give me that "its for the good of humanity and security" bull, its for immature self agrandisement.

*Greetz!*

DeVore.

dahamsta · 22-05-2001 11:34PM

Well said DeVore.

Root, in all seriousness, I have no idea why you're taking offense.

The simple fact of the matter is that people who deface websites deserve absolutely no respect, not from us, not from their peers, not from anyone. "Script Kiddies" has come to be defined as someone who defaces a website using little or no skill, and it's used because 99% of the people who deface websites fit into this category. It's very, very likely that the people who defaced all of these sites over the past week or so fit into that category, so fvck them, I'll call them script kiddies.

If they want to stop me calling them script kiddies, they can start showing some respect for the people who own these sites. They don't have to stop hacking, in fact they can even continue using the tools that REAL hackers write if they want, but they can use them PROPERLY. Find a hole, report it. Got root, report it. If they _really_ need to prove how big their d1cks are, stick a page somewhere else on the website instead of putting their idiotic hax0r <rap up there.

I respect security consultants. I respect hackers. But I will never, ever respect website defacers, even if they're ninety and they write machine code. They can go s<rew themselves, and I for one will take great pleasure in beating the living crap out of the first one I catch. I'll call all my sysadmin buddies too, so they can have a go, because I KNOW they'll buy me drink for weeks afterwards.

adam

Lord Khan · 23-05-2001 12:36AM

hehe nice theory phil

i'd be right in thinking all those websites are on the same server ... haven't checked before making this post. same probably goes for the other post.

but I dunno ... Irish Companies really don't seem to take computer security too seriously. I worked with a few multinationals and I know they have really tough security policies.
I know quite a few view it as a really expensive task ... and it is, and most will say they'll accept the risk.

I think the main reason people hate script kiddies is simply they are out to destroy/damage not to do anything else. I know quite a few guys who do get into system but they always email the sysadmin( some times from his own acc

) about it and the how and possible way to fix it.

Script kiddies are the probably the main reason why I support laws which can land them in jail for a few years( unfortunately the laws are full of loop holes here ).

it's a pain in the ass alright, any descent company will have restored the webpage within an hour.

tom ... can we stop pointing fingers, that's as bad as being a script kiddie is accusing people.

root · 23-05-2001 12:42AM

"Well all I've learned is that we shouldn't have féckin bothered to try something different and you should all be left to the tender mercies of big companies like Esat No Limits and Eircom." DeVore.

Well if that's you attitute jack the projet in no.Boards.ie is a nice ubb board and very popular.I'm not detracting from boards.ie in any way,shape or form.

What I do get annoyed with is the continual use of the term script kiddie.It seem to be the popular term to use to brand anyone who defaces a website.This is steriotyping and I think most people agree that steriotyping isn't a very good idea."all irish are drunks" etc...

Big deal, your website got defaced.It sucks.Get over it.

No where in my previous message did I condone website defacing.I just hate the stupid term script kiddie.It's as annoying as b3|nG 3l33t ! That's the whole point of my former message.

logic1 · 23-05-2001 11:17AM

Originally posted by Hobbes:
The only thing I hate about defacements is the kiddie shows thier l33t HTML skill by posting a text file or 2 lines of text. I mean how lame is that. If your going to deface a site at least do a good job and make people laugh at it.

I actually think this is due to most of the exploits only allowing the remote user to plant arbitary code into a file. E.g. sticking text in index.html. I know this is the case for the unicode exploit which has been very popular lately and maybe some others.

Root I think your blowing this script kiddie thing way out of proportion. It almost seems as if your taking this term of reference as a personal insult which can only lead us to believe that you partake in this cracking activity. I myself used to do a bit of it when I was alot younger and I think it can be a valuable learning experience (my sites were good though hobbes

) and I always mailed the admin with the exact method used for entry and a detailed patch description if not a link to a patch directly.

Also the practice of cracking a site planting your own index then deleting the rest of the directories cotent I find quite pathetic.

Some companies aren't up to date with patches etc.. because they are small low profit companies who have just spent 5 or 6 thousand on a new site and new company image and this has left them quite broke. They can't afford to employ someone to simply pathc their network non-stop. Now if it's a large multi national with the money and manpower for constant 24-hour server vigilance then all well and good they should be up to date but small companies can't be expected to be on the cutting edge of server security when their technical know how is limited to microsoft word!!!

Also alot of the "script kiddies" seem to think IIS is a piece of crap. Well if its so **** why don't ye get together and write something better? Is it that ye just like to moan because people alot more intelligent and skilled than ye will ever be are able to find the weak points of ANY program not just IIS and then give ye the little power and skill it takes to crack these services or programs using canned cracker tools? WHy not just moaning and causing damamge to other peoples property and go and create something better than the almighty microsoft could come up with and yes we all know about apache already exisiting but lets face it win2k and NT are always going to be there whteher we like it or not so wouldn't it be better to make it more secure and a better OS than complaining and continually attacking it?

The hacker ethic or improving software through co-operation doesn't seem to exist anymore... you people just seem to want to destroy anything ye can without ever trying to make it better.

.logic.

Lord Khan · 23-05-2001 11:27AM

yeah what he said :-)

root you are taking it a little personally

the term script kiddie is term like "Irish"
The point was made that they have "zero clue" which for the most part is true ... sure they were able to find a script ... not hard 5 mins with astalavista and you'd get one or at least a tut on how to make your own.

I seriously have the problem with them picking on the small companies like the ones mentioned here. I'd have less problem if they did it too say a large company like GEC ( GE capital ), because they can cover the cost and handle such. I think it is over statement saying that small companies spend £5-6k ... I'd say some spend less than £1k.

the point made by Dev about the patches is very true imho ... Some of the patches actually cause more trouble than they fix.

fisty · 23-05-2001 11:45AM

http://www.influence.org/~bedlam/misc/hacked/2001/05/21/www.eolas.ie/

Bedlam - why on your site do you put up copys of the hacked index.html?
Thats like rewarding these people.
That makes you as bad as them in my opinion.
Please come up with some lame response to this - thank you.
lol?

Hobbes · 23-05-2001 01:01PM

Originally posted by X_OR:
This debate about apache/beta on Win32 has been done recently ...

http://www.securityfocus.com/templates/archive.p ike?threads=0&mid=175894&end=2001-04-12&fromthread=0&list=82&start=2001-04-06&

[This message has been edited by X_OR (edited 23-05-2001).]

Ok point taken

Evil Phil · 23-05-2001 02:04PM

from the Win32 install of Apache:

WARNING: The Win32 release of Apache should still
be considered beta quality code. It does not meet
the normal standards of stability and security
that Unix releases do. There are numerous known
bugs and inconsistencies. There is also a much
greater chance of security holes being present in
the Win32 version of Apache.

'nuff said. (although said to nobody in particular)

I'm not saying that IIS is better than Apache on UNIX, but this isn't really about Apache v's IIS.

It's about some idiots defacing websites, including Cavan Credit Union's website. WTF?! Striking a blow for democracy and freedom are we? Credit Unions, I'll say that again. CREDIT UNIONS. hello? getting the message? or do I have to use more question marks on this thread? Script kiddies is a derogatory term, and it is used as such for a reason. They're idiots who can't 'hack' it in the real world so they pick on soft targets to make themselves feel big. They're the hacker equivalent of bullies.

logic1 · 23-05-2001 02:14PM

"We" don't need to. 

Well you seem to have placed yourself into the script kiddie group i was referring to so if "ye" are so happy with Apache stop whinging about IIS.

.logic.

Lord Khan · 23-05-2001 02:29PM

Originally posted by Evil Phil:
It's about some idiots defacing websites, including Cavan Credit Union's website. WTF?! Striking a blow for democracy and freedom are we? Credit Unions, I'll say that again. CREDIT UNIONS. hello? getting the message? or do I have to use more question marks on this thread? Script kiddies is a derogatory term, and it is used as such for a reason. They're idiots who can't 'hack' it in the real world so they pick on soft targets to make themselves feel big. They're the hacker equivalent of bullies. [/B]

ok I'm sorry but I've gotta say "roflol" the bit about the credit unions has me in stiches atm. ... I want to take this chance to say ... that should I die ... I nominate Evil Phil and Logic to continue posting for me ( Lads yer by far the most entertaining with out being stupid, quite intelligent in fact yer still a hippy though logic shave your head

)

logic1 · 23-05-2001 02:35PM

LOL I'll hippy you!

.logic.

Evil Phil · 23-05-2001 04:19PM

It would be an honour *shucks*.

dahamsta · 23-05-2001 04:42PM

Apache is still beta, as you say, which would discourage lots of people from putting it in a production environment. Still, if ASP support was up the IISs level then it could take a lot of the market share perhaps. (I don't see that happening any time soon).

If I was running a WinNT or Win2k server, I would place Apache on it before IIS. I ran Apache on my local Windows machine for development between 1.3.9 and 1.3.18, and I've driven it and never had a problem. There are bugs, but they're mostly things that just aren't possible within Windows.

All that being said, I would never, ever use a WinNT or Win2K server remotely. I run Red Hat, with a cron job running `up2date -u` daily, which clears up 99% of problems automatically. BUGTRAG picks everything else up for me.

Well you seem to have placed yourself into the script kiddie group i was referring to so if "ye" are so happy with Apache stop whinging about IIS.

No, that's what you wanted to read into it. The "we" was sarcastic, hence the quotation marks, a perfectly acceptable and recognised manner of demonstrating sarcasm in the written word. Next time I'll use italics too, if it'll make it easier for you.

And I'm not whinging about IIS, I'm saying it's security-hole laden piece of crap that I wouldn't run on one of my machines in a fit. It comes with security holes out of the box, and so do the patches. I don't even need to run it to discover this, I just need to read BUGTRAQ.

ecksor · 23-05-2001 05:00PM

Maybe you wouldn't use it, but ASP is a very attractive reason to use IIS, and apache on win32 still doesn't support it as well, nor is it likely to. If something doesn't have the required functionality, then how secure it is is beside the point when making a decision as to what to support.

As for Beta software, you can't trust it to have any kind of stability. Even if it has been observed to be stable by many people, it's still too much of a risk for some environments to take. No point in being secure if you're not stable, because you won't maximise your earnings.

dahamsta · 23-05-2001 05:54PM

Maybe you wouldn't use it, but ASP is a very attractive reason to use IIS, and apache on win32 still doesn't support it as well, nor is it likely to. If something doesn't have the required functionality, then how secure it is is beside the point when making a decision as to what to support.

Ok, I'll be honest with you and tell you that I've never used ASP, so I can't comment on anything but the server errors I've seen. But I do know that ChiliSoft ASP is out there, and although I know it doesn't replicate ASP exactly, it's reputed to be not far off the mark. I also have to say that the reason it's not perfect is almost entirely due to the fact that it's a replication of ASP, not a port, and the reason for _that_ is because Microsoft are afraid to open their source to peer review.

As for Beta software, you can't trust it to have any kind of stability. Even if it has been observed to be stable by many people, it's still too much of a risk for some environments to take. No point in being secure if you're not stable, because you won't maximise your earnings.

Well, the Apache people say it's beta, so it has to be considered non-stable. Personally speaking though - and it is only personal opinion - I'd still prefer to use it over IIS, and that's simply because I know that if I find a bug in Apache for Windows, I can pop onto Bugzilla and report it, and somebody will do something about it. I've tried reporting problems to Microsoft, and it was a complete waste of my time.

I'm not into flaming X_OR, I'm just stating the case for Apache and the case against IIS. Don't take it personal dude.

adam

ecksor · 23-05-2001 08:53PM

I'm not taking anything personally, I'm just trying to present the business point of view.

dahamsta · 24-05-2001 12:18AM

Also alot of the "script kiddies" seem to think IIS is a piece of crap. Well if its so **** why don't ye get together and write something better?

"We" don't need to. The Apache developers took NCSA apart years ago and did it for us. The Apache Foundation continue pushing new features into the product, month after month (1.3.20 has just been released, and Apache 2.0 went beta last month), BEFORE problems arise. And, I might add, it's still free software, _and_ the source is there for you to hack anytime you want. Don't like the standard rewrite_module? Hack it. Think mod_ssl could be more secure? Fix it. Do _that_ with IIS! The Apache Foundation produces the most popular and most secure webserver available today, and if you don't believe that, you can do something about it, instead of waiting for Microsoft to do it for you.

and yes we all know about apache already exisiting but lets face it win2k and NT are always going to be there whteher we like it or not so wouldn't it be better to make it more secure and a better OS than complaining and continually attacking it?

Although I'm somewhat sceptical that Windows is "always going to be there" in the face of all the .NET horseputty, this is beyond the point. Apache is a far better webserver than IIS, always has been and always will. And in case you're not aware, Apache runs on Windows. Even though it's still considered beta on the Windows platform on the Windows platform, it's far more secure than IIS.

But please, don't take my word for it. ApacheCon Europe is coming to Dublin in October, and the developers themselves will all be there. And, unlike Microsoft, they will actually sit down and talk to you about why they do what they do. They'll explain the inner workings of the server with you if you ask them about it. They'll tell you how to create your own modules that can be loaded into the binary when Apache is launched. If you have a suggestion, they'll listen to you, and they may even implement it.

I've emailed and gotten replies from Ken Coar, Ralf Engelshall (lead mod_ssl developer), Rasmus Lerdorf (the creator of PHP) and Andi Gutmans (lead PHP developer). If I can get Ken Coar down to Cork in October, I'll take him to kiss the Blarney Stone.

See the difference yet?

adam

www.eolas.ie, www.droghedacu.ie, www.portlaoisecu.ie DEFACED script kiddies !

Comments