Comments on: Comments on 20395

Post number 20395

anastasiav — Sat, 28 Sep 2002 22:40:00 -0800

Sometime in the past hour, explodingdog.com (no, I'm not linking to it) got its front page hacked. Now I can understand the motives behind hacking as cyber-terrorism (.pdf file), or to promote your political or social agenda, and I can't say that I totally disagree with hacktivism as a sort of civil disobedience. I also understand hacking as a way to show off your skills. But off all the sites out there, why would some stereotypical punk kids (or whomever) pick a great site like explodingdog to hack? Where's the challenge? So many hackers say they're out to free the Internet - then why attack a site that give away so much for free?

By: fatchuck

fatchuck — Sat, 28 Sep 2002 22:49:04 -0800

Well, they're trying to promote themselves according to the contact information they left. Besides that, having never seen explodingdog.com before, they're helping to promote that site because you decided to cover this hack. Otherwise, I wouldn't have heard of this site. That said, are these guys one-hit wonders or is this the first in a chain? Freeing the Internet is pretty hard to do by hacking someone's web site - it frees nothing and suppresses the target web site as much as an FBI shutdown does. Nice.

By: fnord_prefect

fnord_prefect — Sat, 28 Sep 2002 22:49:34 -0800

meta name="Generator" content="Microsoft Word 9" 'nuff said.

By: fatchuck

fatchuck — Sat, 28 Sep 2002 22:52:28 -0800

One last note. I'm not an anti-Microsoft zealot, but explodingdog.com is being run on top of IIS 5.0 and Win2000. That's a bit like leaving your web site keys in the front door.

By: fatchuck

fatchuck — Sat, 28 Sep 2002 22:56:25 -0800

Fnord, you're right. This definitely puts them in the class of wannabe amateurs. What's the point when you're using Word 2000 for your hack page? Uberlame!

By: boogah

boogah — Sat, 28 Sep 2002 23:03:03 -0800

the fact that i'm posting this from a hacking convention should tip my hand as to how i feel about hackers, and yes i normally would defend hackers. but y'all have to understand something simple - these people are monkeys. the people who deface these webpages often have just enough skill to run a script on an ip range to see if there are any system admins who haven't run the latest patches to their servers. sometimes the servers that are vulnerable host more than one website. perhaps hundreds. no doubt explodingdog wasn't hacked because the group or person involved had something against it. it's more feasable that it was defaced because some group of fifteen year olds who hang out in irc thought it'd be cool to give their friends "shout outs" on a couple hundered homepages. to make a long story short, these people are just a handful of tossers who mostly have no real technical prowess and give real hackers a bad name. hopefully explodingdog or their isp took a recent backup of the site in it's entirety and will be able to restore it. now if you'll pardon me, i have a party to get back to.

By: delfuego

delfuego — Sat, 28 Sep 2002 23:03:12 -0800

fatchuck, there are tons of IIS5/W2K servers out there that are pretty damn secure, and as the past two weeks have shown, Apache/*nix isn't a panacea. Please try not to generalize...

By: rhyax

rhyax — Sat, 28 Sep 2002 23:03:32 -0800

oh no. also, when explodingdog comes back everyone should go there because it's funny.

By: boogah

boogah — Sat, 28 Sep 2002 23:07:25 -0800

one would try not to generalize delfuego, except microsoft has been known for it's inherent lack of security. so it's not so much generalizing as going with expirence.

By: anastasiav

anastasiav — Sat, 28 Sep 2002 23:11:59 -0800

Otherwise, I wouldn't have heard of this site. That's a shame, fatchuck - the site is actually pretty well known (in certain circles) - see prior MeFi threads about explodingdog here - 2034 and here -8654. Sam Brown simply draws great pictures and posts them for people to see. He also codes it himself - I've always thought the whole idea of the 'net was that you didn't have to be an expert in programing and security in order to get your art out there in the world, but maybe I'm just naive. The site is actually all still there its just got this junk sitting on top of it.

By: photoslob

photoslob — Sat, 28 Sep 2002 23:20:44 -0800

these dudes are so l33t! they hacked a site that next to no one has ever heard of! yawn.

By: amery

amery — Sat, 28 Sep 2002 23:42:43 -0800

delfuego -- The exploit you're citing is an OpenSSL vulnerability. Many Apache/*nix servers don't use OpenSSL, and aren't affected in the least. For those that do, all you have to do is upgrade OpenSSL and rebuild one lousy Apache module. That protects you from all the worms we've been hearing about over the past two weeks. No black magic Microsoft patches necessary. Add to the mix that these exploits are rare in *nix land, the fixes are rapid, the source code free, and you start to see why Apache/*nix is so popular. Your point that these systems get rooted is true, but that doesn't change the fact that Microsoft systems are famous for their (ahem cough) security. Even generally pro-Microsoft publications admit that the reason to stay with IIS is usually lock-in rather than product satisfaction.

By: dejah420

dejah420 — Sun, 29 Sep 2002 01:31:50 -0800

Web vandals/script kiddies/morons in the basement do not equal hackers!

By: bhell13

bhell13 — Sun, 29 Sep 2002 03:53:46 -0800

Exploding dog is great, Sam actually drew one of my suggestions once. "Hacking" a popular personal site doesnt make you a hacker it makes you an attention seeking lamer!

By: Dennis Murphy

Dennis Murphy — Sun, 29 Sep 2002 04:27:54 -0800

these dudes are so l33t! they hacked a site that next to no one has ever heard of! yawn. All sites should strive to be as 'unknown' as exploding dog. I mean, no one has ever heard of it! (or, just maybe, it's still a secret to people who still use 'yawn' to express ~~ignorance~~ boredom).

By: t r a c y

t r a c y — Sun, 29 Sep 2002 04:34:14 -0800

hey what's up with your links dennis...? i love this explodingdog site, it's wonderful...! but i'd never heard of it until today. i think photoslob was yawning at the wannabe lamer kids who "hacked" the site, not the site itself...?

By: Dennis Murphy

Dennis Murphy — Sun, 29 Sep 2002 04:53:01 -0800

I agree the 'lamer kids' are, well, lame. I'm simply baffled as to what evidence photoslob used to come to the conclusion that exploding dog was a site 'next to no one' had heard about. Except that HE had never heard of it, and therefore came to his conclusion. It may not be yahoo, and the net is huge, but for a personal site it's pretty well known, linked across the net, won awards, and been written up by several media outlets.

By: the fire you left me

the fire you left me — Sun, 29 Sep 2002 07:24:05 -0800

But off all the sites out there, why would some stereotypical punk kids (or whomever) pick a great site like explodingdog to hack? Because the hackkids were insecure, I mean because the site was unsecure.

By: rhyax

rhyax — Sun, 29 Sep 2002 09:01:36 -0800

Dennis, those links seem to require a password.

By: Ryvar

Ryvar — Sun, 29 Sep 2002 10:03:41 -0800

fatchuck, this from Netcraft: The site www.metafilter.com is running Microsoft-IIS/5.0 on Windows 2000. Speaking as someone who has cracked Microsoft employees' IIS uber-setups on dares, as well as some other, no less difficult sites, and has run webservers on Win2k, RedHat, and OpenBSD systems, I'll say this much - IIS can be an insanely difficult webserver to secure properly. Why is this? Because certain patches for it actually undo certain previous patches. In short, if you don't have a good vulnerability scanner onhand to check yourself against all the major, known exploits, there is a high probability you are going to get screwed. Simply applying all the patches in chronological order and disabling dangerous servers and being careful about paths is not enough, as I've demonstrated to people who work at the company, as well as a few other admins I generally greatly respect. However, securing IIS can be done, and be done as well as any other webserver, providing you have a knowledgeable person on hand to do it. RedHat, Apache, OpenSSL - these aren't products with really great trackrecords. Hell, OpenBSD's total track-record (read: non-default-install) isn't even that great. But all that said, a fresh OpenBSD/Apache installation - once you learn the how/Tao of OpenBSD - is the easiest thing to secure in my experience. Why is this? Because OpenBSD doesn't start out with 101 things that need to be disabled. Everything is disabled, you just add the things you want. Makes life much, much easier. The only people who deserve to get hacked, btw, are those who run their servers with FrontPage (or mod_dav, I believe is the apache module) access enabled. Or PC Anywhere. Or Sendmail instead of Postfix/qmail. There are some things, obviously, you just don't do.

By: tuxster

tuxster — Sun, 29 Sep 2002 10:34:04 -0800

Dennis seems to have linked to the article through an anonymous surfing account proxy. I think he meant to link to this article. Well, so much for my first post :)

By: tuxster

tuxster — Sun, 29 Sep 2002 10:37:26 -0800

Oh, and his first link was a simple "explodingdog" search on google...

By: t r a c y

t r a c y — Sun, 29 Sep 2002 10:50:32 -0800

thanks tuxster, welcome to the madhouse.