Hacking contest threatens websites

RJ · 07-02-2003, 06:31 PM

Check the tips at the end of the article to make sure your web server is secure. There will be lots of hacking going on this week.

Quote:

A hacking contest slated for this weekend could produce a rash of Web-site defacements worldwide, according to a warning issued Wednesday by security companies and government Internet security groups.

advertisement

The hacker defacement contest is expected to kick off on Sunday. The contest supposedly will award free hosting services, Web mail, unlimited email forwarding, and a domain name of choice for the triumphant hackers, according to a Web site promoting the contest.

Web-site defacement points will be awarded based on the type of operating system running the Web site. Defacement of Web sites running Windows will only win a single point, while sites running Linux, Unix, and BSD are each worth three points. Sites running AIX, IBM's version of Unix, are worth three points, while sites running HP-UX, Hewlett-Packard's version of Unix, and Macintosh, Apple's operating system, are worth up to five points, according to the contest Web site.
????: NamePros.com http://www.namepros.com/industry-news/2399-hacking-contest-threatens-websites.html

Internet Security Systems, which operates a cyberthreat early-warning network called the Information Technology Information Sharing and Analysis Center, is urging Web-site administrators to review their Web-site security before they head home for the US holiday weekend. ISS's X-Force research group says they've received credible information that hacker groups are scanning Web sites to discover vulnerable systems. But X-Force doesn't expect any major activity until Sunday.

While there's been a recent increase in Web-site scanning activity, there's also been a noticeable decrease in Web-site defacements, said Chris Rouland, director of ISS X-Force. "The hackers are sandbagging," he said. "We've seen this before. Hackers will break in before the event and conduct the actual defacement during the contest."

The exact time the contest will start is not yet known, but the contest rules say it will be limited to six hours. X-Force is trying to determine whether the contest is being run by hacking groups from Brazil or Hong Kong, both known for active Web-defacing activity.

The contest also may be a recruiting effort, Rouland says. "This is one way to learn who are the best defacers out there" and to find out which hackers have figured out new ways to break in and deface sites, he says.
????: NamePros.com http://www.namepros.com/showthread.php?t=2399

The New York Office of Cyber Security and Critical Infrastructure Coordination also issued an advisory about the contest and is asking Web-site administrators to take steps to improve security. Among the recommendations:

• Make sure that default passwords are changed. This should include Web servers and any other servers that the Web server has a trusted relationship with.

• Remove sample applications that aren't being used, such as CGI scripts and Active Server Pages, from Web servers.

• Lock down Microsoft Front Page Extensions. By default, those extensions are installed in a manner that gives every user the ability to author Web pages, even through proxy servers. This recommendation also applies to Front Page Extensions installed on Unix platforms.

• Turn Web server logging on. Logs are essential to determining how a defacement was accomplished so a recurrence can be prevented. Use of the extended log format is recommended.

• Have a current backup of your Web server. In the event of a defacement, a good backup is essential to quickly restore the server to its original look.

• Apply the latest security patches to your Web server and underlying operating system after appropriate testing.

The New York Office of Cyber Security is also guiding Web-site owners to the following resources:

Guidelines on Securing Public Web Servers

http://msdn.microsoft.com/security/d...s/default.aspx

Center for Internet Security, Security Benchmarks

Free vulnerability scan

Story from
http://www.itnews.com.au/storyconten...9&Art_ID=12315

NameCaster · 07-02-2003, 11:34 PM

Sounds more like a script kiddie contest

Cheers!

Kodeking · 07-03-2003, 01:29 AM

This is a good thing. I say this because, companies will now be able to see how secure they have made thier servers. If they wake up to a main page that has been changed, well, they know they need to work on security.

kajutsa · 07-03-2003, 03:35 AM

Very Interesting

Nintwa · 07-03-2003, 04:34 AM

Yeah... interesting, This looks like it will be fun... I just hope my host has a nice secure server or I am screwed. Haha. Thanks for the info!

Larry · 07-03-2003, 05:06 AM

Quote:

Originally posted by Kodeking
This is a good thing. I say this because, companies will now be able to see how secure they have made thier servers. If they wake up to a main page that has been changed, well, they know they need to work on security.

????: NamePros.com http://www.namepros.com/showthread.php?t=2399

This is not funny and it's not about security. It's about people who won't grow up and get a real life.

Having your server(s) hacked is a tremendous waste of time and resources for both the hacker and the hackee.

It's destructive and disruptive and the only people who do this or associate themselves with it are prepubescents and young adults who can't seem to get on with their lives.

I hope everybody who participates in this ends up with a criminal record. This is a criminal offense...not fun and games.

webmasterinfo · 07-03-2003, 05:07 AM

nice 2 now

thx

CenterPoint · 07-03-2003, 08:26 AM

Quote:

Originally posted by Larry
????: NamePros.com http://www.namepros.com/showthread.php?t=2399
This is not funny and it's not about security. It's about people who won't grow up and get a real life.

Having your server(s) hacked is a tremendous waste of time and resources for both the hacker and the hackee.

I hope everybody who participates in this ends up with a criminal record. This is a criminal offense...not fun and games.

Could not agree more. It would be nice to see some of these kids use their talents for good rather than destructive purposes.

TheWatcher · 07-03-2003, 10:22 AM

It was posted to BlackHat.INFO website to notify webmasters/admin.

http://www.blackhat.info/live/module...rder=0&thold=0

Cheers,
tw

Nintwa · 07-03-2003, 10:44 AM

Quote:

Originally posted by CenterPoint
Could not agree more. It would be nice to see some of these kids use their talents for good rather than destructive purposes.

I have heard that some companies actually hire these kids to help them secure there servers and computers etc.. I think that ift his was done more, it would be a really good way to stop kids from getting into hacking/scripting in the first place.

GCgirl4ever · 07-03-2003, 03:54 PM

Good thing I'm not getting my new server until Monday.. otherwise I would be screwed.. we'll see what happens

romantic__ · 07-03-2003, 04:20 PM

I hope nobody here gets hacked or whatever. !

TheWatcher · 07-03-2003, 05:14 PM

Your server should be ok as long as you keep your patches updated and shut off services that you don't need.

Regards,
tw

kohashi · 07-03-2003, 06:22 PM

I would be more wary about this. Patches come out after these types of things, not before. I am guessing if this is a serious competition and the volume of defacing done is high, then some of you may be affected; myself included.
Hacking contests are not new, this is just the first time you may have heard of them. http://www.attrition.org used to keep track of them. I dont know if they are current any more, but it used to be a very popular 'club' almost. If you are seriously concerned and think you might be infected, pull the plug for the duration (6 hours I believe). This way your server will be fine, unless they croned the job to run... then... well hope you have a backup.
????: NamePros.com http://www.namepros.com/showthread.php?t=2399
Larry: it is only natural that this will happen. It is not kids as most people percieve. There is quite a large spectrum of people who practice it. Also, if they didnt do it, someone else would. It is inevitable curiousity with a hint of destruction. Would you rather nobody practice it for a while and security holes go unnoticed? Someone would eventually notice them and exploit them to a greater degree. Face it, it is like the rain, it happens and you cannot do anything about it. Just make sure you have your umbrella.

Lord · 07-04-2003, 09:54 AM

Well, if you think about it, it would be better if they werent purposely trying to deface it, and if they were only trying to get in and show that they could. This contest could ruin a lot of sites, and possibly people's private pages, hopefully they dont go for those however, and they go for the bigger sites as they most likely 'get more points'.

TheWatcher · 07-04-2003, 10:05 AM

some security guidelines and security weblink posted in www.blackhat.info site, check it out.

It's a long story to discuss it here.

tw

Larry · 07-04-2003, 10:17 AM

Quote:

Originally posted by kohashi

Larry: it is only natural that this will happen. It is not kids as most people percieve. There is quite a large spectrum of people who practice it. Also, if they didnt do it, someone else would. It is inevitable curiousity with a hint of destruction. Would you rather nobody practice it for a while and security holes go unnoticed? Someone would eventually notice them and exploit them to a greater degree. Face it, it is like the rain, it happens and you cannot do anything about it. Just make sure you have your umbrella.

It is not inevitable that this happen Kevin. If you caught these kids (and it is mostly kids...if you don't think so you need to read more about these episodes and the type of low level hacking that is being discussed here) and tossed a few of them in jail it would start to curtail this activity - better yet, throw the parents in jail and see how quickly they get control over this. Or fine the parents for the cost to restore the damage....and see how quickly hitting these folks in their pocketbook would get them to cut their kids off from the internet.

The majority of this can be better controlled if the penalties were high for the parents of the people involved. Conversation about this being helpful for security reason is BS.

This is for and about people with no parental supervision. Why? Because real hackers spend very little time on issues like defacement...that type of grade school stuff is left to the kids. The general glory of defacing was over years ago for anybody with any talent .
????: NamePros.com http://www.namepros.com/showthread.php?t=2399

My servers will probably be hit...they are up to date and patched to death. But holes abound and a good backup is really your best defense in the end.

NameCaster · 07-06-2003, 05:41 PM

Quote:

Originally posted by Larry
????: NamePros.com http://www.namepros.com/showthread.php?t=2399

Why? Because real hackers spend very little time on issues like defacement...that type of grade school stuff is left to the kids. The general glory of defacing was over years ago for anybody with any talent .

Amen †

Sohil · 07-06-2003, 05:46 PM

Good thing.....no one has got hacked yet

wicked_gal00 · 07-06-2003, 05:47 PM

Let's hope no one does.

Sohil · 07-06-2003, 05:48 PM

Quote:

Originally posted by wicked_gal00
Let's hope no one does.

I think hackers got scared

wicked_gal00 · 07-06-2003, 05:52 PM

Sohil · 07-06-2003, 09:23 PM

Quote:

LONDON, England (Reuters) -- Computer hackers vying in a global contest on Sunday defaced a slew of Web sites, but the damage was confined to the Internet's backwater of small, unsecured sites, security officials said.
????: NamePros.com http://www.namepros.com/showthread.php?t=2399

The "Defacer's Challenge" got off to a quick start on Sunday with 300 attacks reported minutes after the 0600 GMT official start, said Roberto Preatoni, founder of Estonia-based Zone-H.org, a site that tracks hack attacks.

"There were no big names," he said. But he added his own site, www.zone-h.org, was knocked offline for much of the day because of a high volume of legitimate visitors and apparent attempts by hackers to bog down his computer servers.

According to the contest Web site www.defacers-challenge.com, which was taken offline last week, hackers were urged to prove their skills by defacing as many Web sites as possible during a six-hour span on Sunday.

Points were awarded for the number and type of computer servers they infiltrated, the rules stated.

Concern grew among cyber security organisations last week that the competition would cripple countless Web sites, but by Sunday afternoon as the event was drawing to a close there was no sign of damage among the Web's most popular sites.

The Web's largest Web sites, including Amazon.com and Yahoo.com, were functioning as normal on Sunday.

"It seems to be a damp squib," said Graham Cluley, spokesman for UK-based security firm Sophos.

Via.Networks, a U.S.-Dutch Internet service provider and Web site hosting firm that manages Web sites for over 50,000 clients in America and Western Europe, also reported no incidences.

"None of our customers have called to report any problems. It's all quiet on the Western Front," said Joanne Hughes, a spokeswoman for Via Networks.

Hacking activities have been on the rise for years as the expertise behind compromising a Web site's vulnerable computer server is freely passed around the Internet in chat areas and is posted on Web sites dedicated to the activity.

Hack attacks range from outright defacement to flooding a server with data requests, knocking a site offline. In the former case, hackers replace the contents of a Web page with their own message, often a political rant written in the signature style of broken English.

With hackers sending out challenges regularly, security officials expressed bewilderment that this contest received so much press attention, fearing it would only encourage more elaborate events in the future.

But Via.Network's Hughes saw something of a silver lining in the fact she and her team were on the ready this weekend for a possible showdown with hackers. "If it makes people more aware about security then that's a good thing," she said.

News from: http://www.cnn.com/2003/TECH/interne...eut/index.html

Sohil · 07-06-2003, 09:27 PM

More links to that news:

http://news.com.com/2100-1002_3-1023295.html?tag=fd_top
http://story.news.yahoo.com/news?tmp...cker_warning_7

drifta · 07-06-2003, 09:28 PM

http://www.host-rack.com

07-03-2003, 05:07 AM	#7 (permalink)
webmasterinfo Senior Member Join Date: Jun 2003 Location: At home Posts: 2,053	nice 2 now thx __________________ Work!

07-03-2003, 10:22 AM	#9 (permalink)
TheWatcher Senior Member Join Date: May 2003 Location: KING.NET Posts: 3,479	It was posted to BlackHat.INFO website to notify webmasters/admin. http://www.blackhat.info/live/module...rder=0&thold=0 Cheers, tw __________________ Get your own .CO $28/yr http://NeedName.com KING.NET Advertise your products and services. Got Facebook, connect with me. http://facebook.com/domainnetwork WebeW.com - YA.NET Alternative Domain Name!. Use it for your site or blog.

07-03-2003, 03:54 PM	#11 (permalink)
GCgirl4ever Senior Member Join Date: May 2003 Location: MA Posts: 1,892	Good thing I'm not getting my new server until Monday.. otherwise I would be screwed.. we'll see what happens __________________ Working on something with JP :)

07-03-2003, 05:14 PM	#13 (permalink)
TheWatcher Senior Member Join Date: May 2003 Location: KING.NET Posts: 3,479	Your server should be ok as long as you keep your patches updated and shut off services that you don't need. Regards, tw __________________ Get your own .CO $28/yr http://NeedName.com KING.NET Advertise your products and services. Got Facebook, connect with me. http://facebook.com/domainnetwork WebeW.com - YA.NET Alternative Domain Name!. Use it for your site or blog.

07-03-2003, 06:22 PM	#14 (permalink)
kohashi NamePros Regular Join Date: May 2003 Location: Kathmandu, Nepal Posts: 788	I would be more wary about this. Patches come out after these types of things, not before. I am guessing if this is a serious competition and the volume of defacing done is high, then some of you may be affected; myself included. Hacking contests are not new, this is just the first time you may have heard of them. http://www.attrition.org used to keep track of them. I dont know if they are current any more, but it used to be a very popular 'club' almost. If you are seriously concerned and think you might be infected, pull the plug for the duration (6 hours I believe). This way your server will be fine, unless they croned the job to run... then... well hope you have a backup. ????: NamePros.com http://www.namepros.com/showthread.php?t=2399 Larry: it is only natural that this will happen. It is not kids as most people percieve. There is quite a large spectrum of people who practice it. Also, if they didnt do it, someone else would. It is inevitable curiousity with a hint of destruction. Would you rather nobody practice it for a while and security holes go unnoticed? Someone would eventually notice them and exploit them to a greater degree. Face it, it is like the rain, it happens and you cannot do anything about it. Just make sure you have your umbrella. __________________ -kohashi \|\| Earn 20% Commissions with this Affiliate Program! Ohashi.US - Your Domain Name Resource Visit Ohashi.us for the largest set of Domain name links and tools. Free eNom Reseller Accounts and $6.50 retail accounts (biz/us) http://www.demigod.net - Free Subdomains For You! No Ads!

07-02-2003, 11:34 PM	#2 (permalink)
NameCaster Retired Staff Join Date: May 2003 Location: Seattle Posts: 1,963	Sounds more like a script kiddie contest Cheers!

07-03-2003, 03:35 AM	#4 (permalink)
kajutsa NamePros Member Join Date: Jul 2003 Location: holland Posts: 29	Very Interesting

07-03-2003, 04:34 AM	#5 (permalink)
Nintwa NamePros Regular Join Date: Jun 2003 Location: UK Posts: 263	Yeah... interesting, This looks like it will be fun... I just hope my host has a nice secure server or I am screwed. Haha. Thanks for the info!

07-03-2003, 04:20 PM	#12 (permalink)
romantic__ NamePros Regular Join Date: Jun 2003 Posts: 264	I hope nobody here gets hacked or whatever. !

07-04-2003, 09:54 AM	#15 (permalink)
Lord Senior Member Join Date: Jun 2003 Posts: 1,358	Well, if you think about it, it would be better if they werent purposely trying to deface it, and if they were only trying to get in and show that they could. This contest could ruin a lot of sites, and possibly people's private pages, hopefully they dont go for those however, and they go for the bigger sites as they most likely 'get more points'.

07-04-2003, 10:05 AM	#16 (permalink)
TheWatcher Senior Member Join Date: May 2003 Location: KING.NET Posts: 3,479	some security guidelines and security weblink posted in www.blackhat.info site, check it out. It's a long story to discuss it here. tw __________________ Get your own .CO $28/yr http://NeedName.com KING.NET Advertise your products and services. Got Facebook, connect with me. http://facebook.com/domainnetwork WebeW.com - YA.NET Alternative Domain Name!. Use it for your site or blog. Last edited by TheWatcher; 07-04-2003 at 10:22 AM.

07-06-2003, 05:46 PM	#19 (permalink)
Sohil Senior Member Join Date: May 2003 Location: Ohio Posts: 2,337	Good thing.....no one has got hacked yet __________________ â€¢â€¢ PolurNET Communications LLC =Avoid the Freeze...Enjoy the Breeze!=

07-06-2003, 05:47 PM	#20 (permalink)
wicked_gal00 Senior Member Join Date: Jun 2003 Location: Toronto Posts: 2,383	Let's hope no one does. __________________ Annotate!Pro - App for drawing directly on top of your desktop for effective meetings and communication.

07-06-2003, 05:52 PM	#22 (permalink)
wicked_gal00 Senior Member Join Date: Jun 2003 Location: Toronto Posts: 2,383	__________________ Annotate!Pro - App for drawing directly on top of your desktop for effective meetings and communication.

07-06-2003, 09:27 PM	#24 (permalink)
Sohil Senior Member Join Date: May 2003 Location: Ohio Posts: 2,337	More links to that news: http://news.com.com/2100-1002_3-1023295.html?tag=fd_top http://story.news.yahoo.com/news?tmp...cker_warning_7 __________________ â€¢â€¢ PolurNET Communications LLC =Avoid the Freeze...Enjoy the Breeze!=

07-06-2003, 09:28 PM	#25 (permalink)
drifta Senior Member Join Date: Feb 2003 Location: New Zealand Posts: 2,528	http://www.host-rack.com

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)