-
May 11th, 2004, 03:58 PM
#1
Member
Site hacked!!!
I have a friend whos site was hacked a littlte while back by a group calling themselves "Hacking for Jesus" aka "Command Tribulation". Unluckily, he is having some trouble getting his site back up. www.alkalinehorse.com and the "hackers" site is http://www.revolutiongospel.net/, or at least thats the link they left on his website. Unluckily I am not sure if he kept any logs. I am just wondering if this group is widely known. Anyway, any help that can be provided will be appreciated.
\"The wise programmer is told about Tao and follows it. The average programmer is told about Tao and searches for it. The foolish programmer is told about Tao and laughs at it.
If it were not for laughter, there would be no Tao.\"
-
May 11th, 2004, 04:17 PM
#2
Hacking for Jesus? Sounds like a front.
//edit
Uless you want the site up for us all to enjoy the clever words of Jesus, then take it down and boot to a floppy and reformat your hard drives, then reload everything and search AO for "locking down <insert os here>" If you know what your doing to can figure out what went wrong and backup from tape. No logs?No Tape? = Format
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
May 11th, 2004, 04:24 PM
#3
They appear to be a Portuguese hacking group. They host a forum here.
You might be able to social engineer a little more information out of them if you join the forum.
Cheers:
-
May 11th, 2004, 04:24 PM
#4
Well they seem to be a bussy bunch have a look here:
http://www.zone-h.org/en/defacements...d+Tribulation/
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
May 11th, 2004, 05:56 PM
#5
Seem's like a pretty big group (or could be) and is making defacements against your type of website's. Interestingly enough they call themselves Hacking for Jesus, which I think (like RoadClosed said) is a front and a serious load of it. Btw:
sh-2.05# uname -a; id uname -a; id Linux srv1.ariadomain.com 2.4.18-18.7.x #1 Wed Nov 13 20:29:30 EST 2002 i686 unknown uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
Look's to me (based on a number of scan's and research on your site, etc) that they got root on the webserver. Check to see what that's all about and DEFINITELY check your logs.
-
May 11th, 2004, 06:13 PM
#6
do a vulnerability scan on the websterver and see what could have been exploitable and patch it up to avoid further pwnage.
Collect as much data as possible and report it to the authorities.
EDIT:
Ok after a little bit of my own research and the use of some really effective skiddie tools ...I can tell you that his website/webserver had a huge "WELCOME" sign hanging from all its 15 Open ports and some other stuff that I'd rather not share in public display. He seriously needs to lock that box up....is there a firewall installed?
The box is very vulnerable to numerous high risk exploits quite a few medium risks one and one low risk.
I have a report done but I dont think i want to give it to you...as DjM noted, this might be a sad social Engineering attempt.
cheers.
-
May 11th, 2004, 07:59 PM
#7
Member
Thanks guys, gonna have to let my buddy know about this stuff, I have been checking out these Jesus hackers, it has to be a front. Pullezzz. Why would a bunch of Jesus fiends target a 17 year olds webserver? If we were talking pr0n, then I might be able to see why, but thats probably out of thier abilities Anyway, I am joining thier forum, (Hope they speak english, dont want to babelfish EVERYTHING.) Thanks again, ill let him know.
(As for open ports, he shouldnt feel too bad, I once left port 139 open on my gaming machine, yes 139, thats not a typo.)
\"The wise programmer is told about Tao and follows it. The average programmer is told about Tao and searches for it. The foolish programmer is told about Tao and laughs at it.
If it were not for laughter, there would be no Tao.\"
-
May 11th, 2004, 08:00 PM
#8
I did some searching and it seems to me that they are wanna be elitist's but I could be wrong.
Everything that I tried to find out like e-mails were fake but none the less, I agree with everyone he should try to get evidence of there behavior and record it for the authorities. Then fry-um. And this is coming from a true "born again christian"
-
May 11th, 2004, 08:02 PM
#9
Member
Cant anyone track these guys down??? I mean, even the brazillian Govt has gotta be gettin sick of this.
\"The wise programmer is told about Tao and follows it. The average programmer is told about Tao and searches for it. The foolish programmer is told about Tao and laughs at it.
If it were not for laughter, there would be no Tao.\"
-
May 11th, 2004, 08:16 PM
#10
I wouldn't be as worried about just the ports being open, as much as I would for the 21 vulnerabilities on the server.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|