Site hacked!!!

***cacosapo*** · May 11th, 2004, 08:30 PM

just for your info, they are just a bunch of script kiddies. They know from nothing to zero about networking. No one use to track those, since they just group, deface a lot of sites and vanished. I agree with most of guys here: too many "holes" on security. Script kiddies are just like that: run a program to scan computers with vulnerabilities and change pages. I doubt that they know what to do with root access.
However, as these kind of people act as bees (or rats), I repeat previous advices: re-install
all

***Cybr1d*** · May 11th, 2004, 08:36 PM

skiddies or uber-l337-hackers makes no difference...they're still doing harm and they need to be stopped.

I checked their website, and i'm pretty sure they're a bit more advanced that just plain skiddies.

***cacosapo*** · May 11th, 2004, 08:46 PM

Although they can "evolved" :P
I dont think so. As Ive heard, they are a spin off of other "hackker" group in Brazil.
Try to ask them "What is the purpose of SYN, FIN, RST, PSH bits?" or "what is the difference between ACTV and PASV FTP?"
They know nothing :P
(i believe that a newbie should know tcp/ip basics - they dont know - just use well known tools around internet)
Just my opinion
BTW, we are plagued here by those beasts.

***Cybr1d*** · May 11th, 2004, 08:54 PM

how do you know so much about them...besides being from the same country. Unless you personally know them, how can you claim they don't know ****? Before calling them newbies just because you "think" they use other people's tools, without actually personally knowing them, sit back and think first.

**avenger_jcc** · May 11th, 2004, 09:46 PM

Gee your sig looks vaugely familliar.

***chsh*** · May 11th, 2004, 10:47 PM

It's always best policy to reinstall from trusted, read-only media after a break-in. If you are interested in the forensics of it, keep an image of the various partitions backed up on another drive, otherwise trash the machine and restore the data from backups.

Originally posted here by Cybr1d
skiddies or uber-l337-hackers makes no difference...they're still doing harm and they need to be stopped.
I checked their website, and i'm pretty sure they're a bit more advanced that just plain skiddies.

Well, whether the need to be stopped, and whether they CAN be stopped are two separate things. Even in the United States you can't charge someone for defacing your site(s) unless you can prove more than $5000 in lost revenues (at least last I was aware).
As for whether they "seem" to be more advanced than plain script kiddies, you really wouldn't get a good idea without talking to them IMO. A lot of people can look and sound like they know what they are talking about, without actually knowing what they are talking about.

Originally posted here by Cybr1d
how do you know so much about them...besides being from the same country. Unless you personally know them, how can you claim they don't know ****? Before calling them newbies just because you "think" they use other people's tools, without actually personally knowing them, sit back and think first.

You are assuming he hasn't spoken to them. Either way it could be viewed as an assumption by yourself or cacosapo. He makes it sound as though he has talked to them before.

***CXGJarrod*** · May 12th, 2004, 05:11 PM

I am surprised you didnt look this one up guys. His "friend" is hosting thier website at EV1Servers and it should be their issue if the server goes down or is hacked. As it is listed in the Arin database they should email abuse@ev1.net or admin@ev1.net to fix this problem. Who knows how many more servers they have accessed.

Source:
http://uptime.netcraft.com/up/graph/...alinehorse.com

Source:
http://ws.arin.net/cgi-bin/whois.pl and enter in the IP address 207.44.184.90.

**TheSpecialist** · May 12th, 2004, 06:55 PM

"Even in the United States you can't charge someone for defacing your site(s) unless you can prove more than $5000 in lost revenues (at least last I was aware)."

*cough BULLSHIT *cough *cough

There is a difference between being charged with something and paying fines than actually going to jail.

"Your getting ****ed one way or the other" - Joe Peci

***cacosapo*** · May 12th, 2004, 08:29 PM

Sorry, i dont use to tell throw words on a forum without a previous research. Here some info about those guys:

here --> http://ctribulation.webcindario.com/modules/newbb/ <--- you can see their forum. It is in portuguese, and ive READ it. They dont talk like PRO

Until May, 12th they had attacked 2122 sites, according to Delta5. zone-h shows near 3K.
"Friend" groups that they allways mencioned on all mirror sites (like Cyberlords and others) identify themselves as defacers. On a online interview of one of those groups(Cyberlords) told to interviewer "we know nothing about networking, we just love to corrupt websites". And the description of their acts prove that they dont have a good knowledge of nets.

On several public brazilian forums, they appear related to other newbie groups (kids, usually between 14-17). Of course, age doesnt imply on lack of knowledge, im just showing information. Language and expression used on those forums show that they have poor knowledge of networking.

Thats why i told they are newbies.

Thread: Site hacked!!!

Thread Tools

Display

Posting Permissions