
Thread: Defacers Really a Problem?

  1. #21
    As SodaP said, it isn't the defacement that is the major problem; that can be easily restored. The issue is that you have a security hole and that the defacers could possibly have access to "secret" information such as passwords, etc... However, I think people who deface websites just want to get their name out there and don't care a whole lot about what your server has. Think about it this way, would you advertise the fact you can break in so they tighten up security and change passwords if you want access, especially continued access? Of course not. Defacers are either script kiddies or people who don't know very much, or it is someone who is looking for a challenge (depending on what webserver they crack, say Microsoft's or Google's is probably harder than joeschmo.com).

    -Cheers-

  2. #22
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785

    Re: Defacers Really a Problem?

    Originally posted here by unit321
    Everybody seems to treat website defacers like they are the scum of the earth. I don't agree with what they do, but are they really that bad?
    I put them on a par with those that would spray paint your property after you fix it up. Well, actually a step or two below that. Sure, it's easy to restore it, but it takes some time and effort to see what else has been compromised, which means $$. The site should have been secured better, so one or more people could lose their jobs for it. It could have been a new admin just getting started, and advice on the vuln would have been appreciated. But after the defacement it's going to take a lot of effort to overcome that black mark. I don't think they're bad. They might take that as a compliment. I think they're nauseating punks that need a spanking.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #23
    Senior Member
    Join Date
    Jul 2002
    Location
    Texas
    Posts
    168
    I see asking if defacers are a problem akin to everyone saying hackers are malicious. It's a misconception imo. If people were able to secure their box from attack and configure everything correctly, then they should not get defaced. If you do, then find out how they did it and fix it.
    It's probably been said but (quit reading thread after juridian's post....got bored) I feel the idea needs to get pounded into people.

    They aren't the problem, you are. Hmmm, maybe I'll put that on an Uncle Sam picture.
    <chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times

  4. #24
    Junior Member
    Join Date
    Jun 2004
    Posts
    1
    I agree with what seems to be the general consensus. Defacing is an illegal act and looks bad on the company/person running the site. Who cares about the number of links to the site when its reliability has been tainted?

    Just my opinion, but if I ever saw a financial institution get defaced and posted on Zone-H, even if for just a few minutes, I can guarantee you that I'd yank my money from their accounts and make sure to never do business with them again. If they don't take security seriously enough on their web servers, what makes you think they're taking it any more seriously on the rest of their servers?

    I say we always need to be keen on the ways sites can be defaced, cause if they can be defaced, the intruder likely has plenty more access to the system than I'd ever like them to.
    If you don't know it. Learn it.

    Today, nothing is impossible.

  5. #25
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    There are ways a defacement can occur without running vulnerable software. Whether it be weak FTP passwords, an automated entry path not involving the webserver in question, or even social engineering. Almost all defacements occur due to configuration issues I would say, or rather, the bulk of the attack vectors would be configuration issues.

    To answer the OP's question, no, defacers are not a problem for me. Consider that a defacement can be prevented/blocked with appropriate configuration and maintenance practices. Sure, it's not behaviour to be encouraged, but it's a reality of the internet, sysadmins who manage/maintain sites that are defaced are partially to blame.

    Originally posted here by slarty
    If someone defaces your site, you obviously have a security vulnerability - you should proceed based on the assumption that they have admin/root access on your server and act accordingly unless you definitely know otherwise.
    That depends largely on your configuration. If you have an insecure configuration where root access via the webserver is achievable, you are correct. If you do not, you have recourses other than Format & Reinstall.

    This is typically very expensive, requiring considerable downtime while you reinstall the OS, restore everything from backups, reinstall the security patches, and audit any data you had to take from the compromised system (for example database data which could have been subtly modified).

    Then there's the annoying task of reissuing all your legit users with new passwords, re-establishing any trusts you have set up to allow external programs in.

    If you're running a web application which uses its own authentication, you have to re-issue all the passwords for that system, as the attacker could have compromised those too.
    Again, this depends largely on the configuration of the system. It is not 100% necessary at all times.

    Originally posted here by The Grunt
    Hint Hint... When you are posting on an IT security forum, you have to accept that most ASSUME you are talking about corporate websites, that run their own servers. Not some puny little website on 50megs.com....
    I don't see why. There are likely an equal number of people who use other hosts here as host their own whether workplace or personally. Indeed the bulk of the questions asked and advice dispensed here relates to home use, not corporate use. Consider the number of "What is the best software/hardware firewall/antivirus/etc.?" threads, and it points to a larger percentage of users being home/SOHO users.

    Originally posted here by slarty
    If there's even a *slight* chance that a blackhat has put backdoors in a machine, it MUST be reformatted. Potentially compromised data MUST be audited. This all takes a long time. It needs to be avoided.
    Every time you boot up and connect to the internet there is a *slight* chance a blackhat could/has put a backdoor on your machine. There are other verification methods than simply "format and reinstall". That is a time consuming way of going about things, and if that's how you do things it explains your view on how much of a pain it is to recover from a defacement.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  6. #26
    Originally posted here by valhallen
    Most sites are also moving away from the old style static pages to dynamic content which normally involves some sort of database. Now changing your homepage back ain't gonna be that hard as long as you make a backup every time you update - just load up the backup

    but what about if they drop the table you're using in your database? Even if you're doing daily backups of the database you're still going to lose whatever information has been entered into that database since the last backup - which would be a pain.

    Also, as a lot of people have said already - ok, it might increase your hits....but for all the wrong reasons. More people may see your site but fewer will trust it. Would you write all your credit card information down on a piece of paper and leave it lying in a busy street?

    Well, that's what you would be asking your visitors to do with any details you collect from them. The fact that someone accessed your site shows that any information you collect from visitors is not secure - and if your visitors know this, do you think they will ever trust your site enough to give over sensitive information?

    As for your site itself - I really hope you aren't offering webhosting, as for you it's just a pipe dream and I would give it up now. It's not that you don't have the knowledge to run one (which I don't think you do) - knowledge can be gained.....it's your whole attitude...who would want to have hosting with you? What, so that they are constantly being asked to fix their sites as you've allowed some defacer to ruin it.

    "I'm sorry Mr X that your site has been defaced and you've lost $700 that you paid the designer for it, as well as the $300 you're going to lose while your site is down due to lost business....oh and the $350 you're going to have to pay the designer to fix it for you.....and not forgetting the damage to your company's reputation which will cost you new customers and repeat purchases from people who did use your site. But hey, it's not that big a deal - think of the extra traffic you'll get!!" ¬_¬

    Of course it isn't going to worry you - your site is just a place to put up ads

    the only _content_ on the site, the rest is ads - that's just taking the piss!! And a whole 100 visitors....no wonder you're so keen on doing anything to drive up traffic Oo

    v_Ln
    We don't have just 100 visitors, that is since the site has been down with no data. We have had thousands and have like 60 members (before the crash). The defacers didn't cause the crash, the host ran out of disk space and crashed. We had like hundreds of posts etc. We're not a struggling site. I think if Mr X had enough brains to start that successful of a company, he would have enough to see he's getting ripped off by his advisor who is using his money to help buy a Rolls Royce with all the other money he is taking from him.
    If you have time be sure to drop by my website at www.johnscompany.net

  7. #27
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    It is odd to keep seeing 'Mr X' used as an example since that is the other nick I use....
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  8. #28
    Originally posted here by hopelessC#coder

    Just my opinion, but if I ever saw a financial institution get defaced and posted on Zone-H, even if for just a few minutes, I can guarantee you that I'd yank my money from their accounts and make sure to never do business with them again. If they don't take security seriously enough on their web servers, what makes you think they're taking it any more seriously on the rest of their servers?

    I say we always need to be keen on the ways sites can be defaced, cause if they can be defaced, the intruder likely has plenty more access to the system than I'd ever like them to.
    If the Pentagon got hacked would you leave the country? If you would and you live in America you should have left by at least the 80s. Pentagon, White House, Army, Navy, Air Force, pretty much all our government sites have been hacked..... Shouldn't you leave using that logic earlier?
    If you have time be sure to drop by my website at www.johnscompany.net

  9. #29
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    Those two examples are NOTHING alike. Ok, maybe a little itty bitty bit, but not close enough to count. If your financial institution gets hacked, all you have to do is withdraw your money and walk down the street to a different one (or type a diff. URL if you do net banking). When you have the choice to make your information/money that much more secure that easily, why not? It's a lot simpler than moving out of the country, and costs a lot less.
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you'll keep him warm for a day, Light a man ON fire and you'll keep him warm the rest of his life.

  10. #30

    Thumbs down

    If the Pentagon got hacked would you leave the country? If you would and you live in America you should have left by at least the 80s. Pentagon, White House, Army, Navy, Air Force, pretty much all our government sites have been hacked..... Shouldn't you leave using that logic earlier?
    Let's use that logic on your argument.

    If the bank / webhost / ecommerce web site I use on a regular basis got hacked, would I discontinue my business there?

    HELL YEAH.

    Would I refer them to anyone?

    HELL NO.

    Could someone possibly sue them for negligence if their personal information was lost (3 times)?

    For the sake of your business / site / whatever... I hope you get the idea.
