[NTLUG:Discuss] SRJ servers hacked and destroyed!

Daniel L. Shipman webmaster at srj.net
Mon Jul 10 07:28:33 CDT 2000


I NEVER accused ANYONE on this list of illegal activity NEVER NEVER NEVER -
end of subject

FYI - MadHat - I have seen your name around forever - you must be one of the
original gods of linux - in the early days did you write a bunch of PERL
docs or scripts that I would have seen your name attached to - I just know
that I've seen you somewhere else besides here

----- Original Message -----
From: MadHat <madhat at unspecific.com>
To: <discuss at ntlug.org>
Sent: Monday, July 10, 2000 7:22 AM
Subject: Re: [NTLUG:Discuss] SRJ servers hacked and destroyed!


>
> I am sorry you were broken into and defaced, I have been there on more
> than one occasion.  Computer security, Linux or not, is not a part time
> job, the battlefield is changing on a daily basis.  I have noticed that
> you have gotten some very good information from some of the people here
> (I recommend SecurityFocus and BugTraq), even though you have come out
> attacking what appears to be just about everyone.  Attrition is not a
> business, they are a simple repository of security information and they
> happen to host defaced web pages.  This is actually quite helpful, as
> it keeps track of what systems get hacked more often, by who, etc...
>
> It is a touchy subject of "hackers v. crackers".  But know this, that
> quite a few people on this list (and many other Linux mailing lists)
> consider themselves "hackers" in the original sense.  Unfortunately the
> media has branded the term hacker to a negative persona and negative
> actions.  I do recommend looking at the Jargon file or picking up the New
> Hacker's Dictionary (printed version of the Jargon file).  They both
> have some great info and can shed light on where some expressions came
> from and their original meaning.
>
> We understand your frustration and will help if we can, but accusing
> people on this list of illegal actions is not going to help anyone.
>
> "Daniel L. Shipman" wrote:
> >
> > SRJ servers hacked and destroyed!
> >
> > For the past 3 days I have been defending the SRJ servers from hacking
> > invaders from Kuwait, Brazil, Plano, Sherman, and somewhere in WY.
> >
> > The hackers scanned ports, entered in with FTP and telnet by utilizing
> > AdmRocks to overflow the Named buffer. I was running Bind 8.2.1 - I
> > strongly encourage anyone who is running bind to upgrade to bind 8.2.2
> > Patch 5
> >
> > The folks who hacked me are called the "Shitkingz" they replaced the
> > index.html file for each user's public_html directory with their own
> > which included child pornography images pulled from a geocities account
> >
> > I was first informed of the attack by attrition.org - the most
> > disgusting business organization in the world - I contacted the FBI ASAP
> > and have been working with them non stop.
> >
> > Thus far I have incurred in excess of $14,500 in lost time, billing, and
> > revenue
> >
> > Prior to format on July 5th I ran dd on the HD followed by strings and
> > saved the image of the hacked drive to separate files on the same HD. The
> > parsed data I was able to recover and save before the format,
> > partitioning, and re-install of the HD have been forwarded to the FBI. I
> > have access to copies of /etc /var /bru /root that were made on July 5. I
> > know they used the AdmRocks kit because I found a folder in /var/named
> > called "Admrocks". A search of the file system for "\.\.\." found
> > nothing. All logs were rm'd and many files, including wtmp were linked to
> > /dev/null. The only reason I was able to get the logs I did was because
> > they didn't zero out the files prior to rming them.
> >
> > Just thought you all would like to know what's been going on around my
> > place
>
> --
> MadHat at unspecific.com
>                                    "The 3 great virtues of a programmer:
>                                       Laziness, Impatience, and Hubris."
>                                                  --Larry Wall
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
>
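
The recovery and tamper checks described in the quoted post (dd followed by strings, log files linked to /dev/null, the search for "..." directories), written out as an added example that is not part of the original thread. Function names and paths are assumptions, and tr stands in for strings(1) so that no extra tools are needed.

```shell
#!/bin/sh
# Added example: triage of a saved raw disk image and a copied directory tree.
# Function names and the usage paths below are hypothetical.

# Recover syslog-style lines from a raw image. Deleted log files that were
# not zeroed before removal still sit in free blocks, so they survive in the
# image. Every non-printable byte becomes a newline (what strings(1) would
# do), then only lines shaped like "Mon DD HH:MM:SS host tag: msg" are kept.
carve_syslog_lines() {
    LC_ALL=C tr -c '\040-\176\n' '\n' < "$1" |
        LC_ALL=C grep -E \
        '^[A-Z][a-z]{2} [ 0-9][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2} [^ ]+ [^ ]+: ' ||
        true    # no match is a valid result, not an error
}

# List symlinks under a tree that point at /dev/null. A wtmp or messages
# file replaced this way silently discards everything written to it.
find_nulled_links() {
    find "$1" -type l | while IFS= read -r link; do
        if [ "$(readlink "$link")" = /dev/null ]; then
            printf '%s\n' "$link"
        fi
    done
}

# List directories whose name starts with three dots, the pattern the
# post searched for.
find_dot_dirs() {
    find "$1" -type d -name '...*'
}

# Usage (hypothetical paths): sh triage.sh hacked.img /mnt/copy/var
if [ "$#" -eq 2 ]; then
    echo "== syslog lines carved from $1"
    carve_syslog_lines "$1"
    echo "== files linked to /dev/null under $2"
    find_nulled_links "$2"
    echo "== dot directories under $2"
    find_dot_dirs "$2"
fi
```

Run it against a copy of the image and a read-only mount of the saved tree, never against the live disk being investigated.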




