what the......
May 7, 2001 1:33 PM Subscribe
what the...... Is this self linking? Someone tried to hack into my server and make this my homepage. Anyone got any information on who this is, or know anything about it? I am familiar with Poisonbox...but...not this one.
attrition.org has some information on this new cyber us/china blitzkrieg. sadly, most of the cracked boxes appear to be running IIS... imagine that.
posted by o2 at 2:09 PM on May 7, 2001
posted by o2 at 2:09 PM on May 7, 2001
They got one of my boxes as well. It was running IIS. They are using FireDaemon. You can get the Microsoft Patch here. Looking at the server, it appears that it was all automated so they probably hit a bunch of servers. This one that they hit would have been pretty hard to find.
posted by iscavenger at 4:09 PM on May 7, 2001
posted by iscavenger at 4:09 PM on May 7, 2001
Thanks a lot, again. I will go to the update site for the patch as soon as I get to work tomorrow. Right now, I have a 17 month chewing on my ankle as I write.
posted by bradth27 at 5:21 PM on May 7, 2001
posted by bradth27 at 5:21 PM on May 7, 2001
They managed to get Pace University School of Business too.
posted by tomorama at 6:21 PM on May 7, 2001
posted by tomorama at 6:21 PM on May 7, 2001
I was incredibly surprised at how many sites got hit with this defacement. We must have had over 100 reports in the last week by readers, users and visitors to Web sites. Even some admins reported it to us. Someone sent us their logs and it looks like the defacement was done by line commands using something called root.exe. All it took was one line to deface most sites which explains why it's been EVERYWHERE.
posted by bkdelong at 6:25 PM on May 7, 2001
posted by bkdelong at 6:25 PM on May 7, 2001
Some chinese script kiddie hit our site -- I work for a major non-profit -- and left a weird little scrawl about American Hegemonism. It even had music, which was a strange touch.
Yeah... we were running IIS 4, but that doesn't mean our site should get defaced...
I mean, this guy used Frontpage to make his defaced page -- jeez!
posted by ph00dz at 6:33 PM on May 7, 2001
Yeah... we were running IIS 4, but that doesn't mean our site should get defaced...
I mean, this guy used Frontpage to make his defaced page -- jeez!
posted by ph00dz at 6:33 PM on May 7, 2001
We've had this attack like this tried on our boxes about a month ago. It's an internet worm which is exploiting some well know vulnerabilities in solaris as well as IIS.
Here's the CERT advisory about it.
posted by lagado at 5:29 AM on May 8, 2001
Here's the CERT advisory about it.
posted by lagado at 5:29 AM on May 8, 2001
« Older New Bose radio hooks up to PC. | Sweet mother of god Newer »
This thread has been archived and is closed to new comments
posted by Hankins at 1:47 PM on May 7, 2001