...Actually, upon further investigation, it would appear that - apart from the "Professional Computer Association of Lebanon", *only* Government sites have been h4xx0r3d. Weird. posted by Chunder at 9:00 AM on February 8, 2005
Could someone enlighten, um, me? posted by Captaintripps at 9:05 AM on February 8, 2005
yeah, kind of lame to just link to a google search. I'm with you tripps...give us some more info. posted by j.p. Hung at 9:09 AM on February 8, 2005
It's an FTP buffer overflow exploit. posted by mr_crash_davis at 9:16 AM on February 8, 2005
Not much else to say. There's a hack that adds "0wn3d by NoPh0BiA" to websites. That's all I know. posted by basilwhite at 9:18 AM on February 8, 2005
So it just inserts that text? I'm having trouble finding any information on it from Google, since results are just affected pages. Does it harm anything? posted by odinsdream at 9:20 AM on February 8, 2005
No, the exploit isn't limited only to government sites; the link in the main post is to a Google search that filters on .gov, so that's all it returns. Go into "Advanced Search," remove the filter, and you'll see more results. posted by Creosote at 9:34 AM on February 8, 2005
That's great. Thanks for posting it. posted by xmutex at 9:38 AM on February 8, 2005
Or just delete the site:gov from the search string.
Kind of funny. posted by fenriq at 9:38 AM on February 8, 2005
Not sure what if any conlusions to draw, but 214 out of 1,070 of the sites identified by the google search were .gov. posted by forforf at 9:39 AM on February 8, 2005
site:.gov, oops. 1070, impressive. posted by fenriq at 9:39 AM on February 8, 2005
pointless, but the Issa photos definitely make it worthwhile. posted by mrgrimm at 9:49 AM on February 8, 2005
Try just searching on "NoPh0BiA" - you can find the source code and the author's home page - http://noph0bia.lostspirits.org/
Looks like it gives you a privileged "shell" (command line session, possibly cmd.exe?) on the vulnerable host of your choice, given an IP address and nominal username and password. posted by kcds at 9:50 AM on February 8, 2005
One hundred and elevens all around. posted by haqspan at 10:03 AM on February 8, 2005
I still don't understand what exactly it means/does. The sites look normal, just the google results show "owned..." posted by fixedgear at 4:30 PM on February 8, 2005
soo.....wouldn't this mean these particular web hosting machines could be connected to with a known username-password? posted by odinsdream at 4:58 PM on February 8, 2005
I still don't understand what exactly it means/does. The sites look normal, just the google results show "owned..."
It looks like many of the sites have been "corrected", but others still have the "owned" text in them, so I assume all these pages were hacked. posted by bobo123 at 6:21 PM on February 8, 2005
Subscribe
1337 d00dz ;-)
I'm glad that my government doesn't hold any sensitive information about me. Oh, wait... uh...
posted by Chunder at 8:56 AM on February 8, 2005