today most , iranian web sites have been hacked, every thing that you could think, i think they attacked to the middel east internet server, any suggestion?

Been a lot of that lately. Yet another IIS exploit making the rounds. And who knows what else.

Not to put too strong a word on it but to me it is terrorism. It used to be like detective work chasing the bad boys away from the firewall. Then it became vandalism and not so much fun. Now it is terrorism and no fun at all.

All this pain is to prevent being hacked and cracked. That is the key, prevention.

Firewall, proper server config, log analysis. And never relax for long. They keep coming.

"Friends don't let friends use Windows"

...of course no OS is secure by itself... ...but some suck less than others...

Even though I am a Windows user, I don't think it is the most secure OS around. That said, no matter what OS you use, your server is only as secure as you make it. There are hundreds of thousands of IIS servers out there hosting popular sites that don't fall victim to hacking, and this is because the admins driving them take security seriously and have a layered security model which will keep all but the most determined hackers at bay (I don't care what server you run or what security you have, if someone really wants in and have the skills, it's only a matter of time before they find a way).

i had opened the same topic here

u can see a list of sites that got hacked.

and i think this is a server hacked too.

Quote:
What do you mean with this comment? DO you suspect xoops.org is hacked by this crew? If so, why do you think that? If you have any clues, please let us know, so we can investigate

Herko

i thought thats what he meant too herko..

but reading it again and reading the other thread with the list of sites.. i think english is a 2nd language, so came across wrong..

i think he means some of the sites may not have been hacked via XOOPS but rather the server or host server whichever was hacked..

cud be via ftp or telnet or whatever method they used..

out of curiosity how many of these site admins (if any) have actually contacted the hackers in a polite manner?

i mean the message displayed on the hacked sites seems quite distinguished from more malicious attackers..

it maybe worth the try to actually email the admin of the hacker group that hacked them (in this case i think it's a guy called neil from the uk..

ask him politely, ie.. "ok it's a fair cop, u hacked my site www.mydomain.com" and i thank u for not destroying it, but would you be willing to actually discuss how you did this and possibly give me some information as to being able to prevent the same method being used again"

not all hackers are bad people and some will help if u ask them nicely and don't go swearing and cussing at them..

it's worth a try and what have u got to lose by asking? the damage was done and cud be done again if u don't know how they did it..

I don't see polite discussion doing any good. Worth a try I guess but these people are vandals or worse. Sometimes they hope to gain employment or extort money. Uninvited site cracks never get my respect no matter how clever or benign.

If it helps at all I don't see any XOOPS sites among the list. Maybe underneath but the frontends are HTML/ASP. And they all seem to be IIS on Win2k or Win2003. Well known exploits that MS only fixed in the last few days.

MS said that exploits might be out in the next two weeks. I guess they were wrong.

But a wakeup call to site admins. Lock down the site and don't let security take a back seat. Seeing as some of these sites are hosting companies your site is at risk even if they don't get to yours, the main server could go down. Backup backup. And turn off register_globals....

There were, about a month ago or so, a lot of eXoops defacements. Looking a bit into it, it was seen that the problem was in the gallery module; the problem was also found on certain versions of Gallery and sites were also being hacked through it.

That time the systems hacked into were Linux and FreeBSD (iirc).


It basicly works by combination:
First you find a simple exploit on a web application (i.e. Gallery) and use it to gain write and execute priviledges on a site.
Then you dump some local OS exploit (i.e. Linux's kernel do_brk overflow) and try it hoping the system's not patched or updated.

Oh, and by the way... there's also a small annoying detail: if you're on a shared host (as many of us are), you may have good security yourself, but if they gain access to the system from someone else's web application, you're busted too... because, they run these stupid competitions or whatever and they count how many sites they deface, so when they get access to a system, they tend to deface all the sites on that server.


The thing is all this is readily found on the net (looking at the right places) and can be put to practice with just some basic knowledge. So almost any bored kid can come by this and try it 'just for fun'.


I guess the conclusion is: be aware, try and do secure your application and pest your hosting service as much as necessary to make them take patches seriously.

Quote:

i want to say many of these sites are in a one server and using share host so when server got hacked all of them hacked too

sorry for my bad english herko