Hacked.

Discussion in 'Community' started by rice_web, May 3, 2003.

  1. rice_web macrumors 6502a

    rice_web

    Joined:
    Oct 25, 2001
    Location:
    Minot, North Dakota
    #1
    April 30, 11:45 PM

    Thanks to a yet-unknown hacker(s), hours of work had to go to restoring an EDUCATIONAL site after a group of (possibly) Romanians took down two of our Linux servers and put IRC chat rooms on them.

    Oh joy.

    And I knew the people that had to come in on a Saturday to restore the server. I'm sure they enjoyed that.
     
  2. jethroted macrumors 6502a

    jethroted

    Joined:
    Jan 2, 2003
    Location:
    Cyberspace
    #2
    Re: Hacked.

    How could you possibly connect it to Romanians?
     
  3. rice_web thread starter macrumors 6502a

    rice_web

    Joined:
    Oct 25, 2001
    Location:
    Minot, North Dakota
    #3
    Log files. Though that's nothing conclusive, as anyone can use a fake IP.
     
  4. G4scott macrumors 68020

    G4scott

    Joined:
    Jan 9, 2002
    Location:
    Austin, TX
    #4
    which site was hacked? the one on your homepage button?
     
  5. rice_web thread starter macrumors 6502a

    rice_web

    Joined:
    Oct 25, 2001
    Location:
    Minot, North Dakota
    #5
    No, no, not my personal website: an education site for a school district.

    I'd give you the domain, but we're still afraid about attacks right now (we had a corporation--SchoolCenter.com--hack us a couple of weeks ago and now this).

    But honestly, who hacks a school's website? And only for an IRC server!?
     
  6. MrMacMan macrumors 604

    MrMacMan

    Joined:
    Jul 4, 2001
    Location:
    1 Block away from NYC.
    #6
    wait so if you post the link... someone from this site will hack you?
    :confused:
     
  7. rice_web thread starter macrumors 6502a

    rice_web

    Joined:
    Oct 25, 2001
    Location:
    Minot, North Dakota
    #7
    Well I should hope not :p
     
  8. peterjhill macrumors 65816

    peterjhill

    Joined:
    Apr 25, 2002
    Location:
    Seattle, WA
    #8
    You would be surprised at how many people are hacked and do not know it. The latest fun they do is to set up an ftp server running on some unused high tcp port that is not scanned in a normal nmap scan (by default, nmap does not scan every port, only well-known ports). Then then install an irc bot that goes goes to a specific irc server (or group of servers) to a specific chat room and tells everyone the user level username and password for the ftp server, along with the hostname and port. What did you find? Movies? MP3s?

    On a Mac or Unix box, you can use
    lsof -i to get a list of all applications that are listening to or talking to the network (actually, for your user account - for all you really want to "sudo lsof -i" and type in your admin account password when asked, which will execute the command as root and show all apps)

    On windows, I recommend a command line tool called fport from www.foundstone.com. Just do a google search for fport and it is the first hit. I bet, if you only found the irc bots, there still might be other apps. They will be disguised as common windows OS files.

    The only way I have seen Macs get hacked is by weak passwords. With Microsoft, alot of the problem is that their SQL server's software patches do not show up on windowsupdate. Our network is constantly be scanned on 1433,1444 (MSSQL), 139,445 (windows file sharing), and port 80 (web).

    For fun on a mac in a terminal window, type:

    cat /var/log/httpd/access_log

    this will show you the apache log file, if you are running the mac web server, and see all the attempts to break windows security vulnerabilities.
     
  9. tazo macrumors 68040

    tazo

    Joined:
    Apr 6, 2003
    Location:
    Pacific Northwest, Seattle, WA actually
    #9
    Re: Hacked.

    that sux0rs
     

Share This Page