Computer Science Canada

Hackers?

Author:  Amailer [ Sat Dec 27, 2003 11:08 am ]
Post subject:  Hackers?

http://www.btc2k.com./

the same people that took down compsci's server for a bit.
[ Darn was hit..now it's not..forgot to take an SS AGAIN ]

Author:  Dan [ Sun Dec 28, 2003 12:20 am ]
Post subject: 

probably b/c they are on the same host, anyway those "hackers" were more of script kiddies and just stole a password

Author:  Thuged_Out_G [ Sun Dec 28, 2003 1:06 am ]
Post subject: 

stealing a pw doesn't make you a script kiddy

now, using someone else's programs to get a pw makes you a script kiddy

Author:  Dan [ Sun Dec 28, 2003 1:46 am ]
Post subject: 

i know, i did not tell the full story of what happened. i was just summing it up and they did use a really dumb script to take advantage of our host. b/c our host uses a shared hosting method (ie. one server has more than one site) they were able to run a script that messed with the index page of each folder on the server.

anyhow they did no damage b/c the host backed up 1h b4 the hack and they had the restored version up in less than a day. And i think the host is going to take legal action against them, i don't think they even covered their traces.

Author:  Tony [ Sun Dec 28, 2003 1:02 pm ]
Post subject: 

so wouldn't that require them to own a site that is hosted on the same server as compsci.ca ? Confused

Author:  naoki [ Sun Dec 28, 2003 8:06 pm ]
Post subject: 

too bad we can't find out where they live, i'd sure like to physically congratulate them for hacking (i.e. pinching their nipples with scissors)

Author:  Mazer [ Mon Dec 29, 2003 7:23 am ]
Post subject: 

naoki wrote:
too bad we can't find out where they live, i'd sure like to physically congratulate them for hacking (i.e. pinching their nipples with scissors)


Laughing
you've got a funny sense of humour naoki. and i hope i never piss you off that much.

Author:  Amailer [ Mon Dec 29, 2003 9:31 am ]
Post subject: 

Every message they leave behind is 'Patch your box'
( that means patch your computer right? )
So they only hack unpatched hosts' computers?? lol

Author:  Dan [ Tue Dec 30, 2003 12:30 am ]
Post subject: 

Amailer wrote:
Every message they leave behind is 'Patch your box'
( that means patch your computer right? )
So they only hack unpatched hosts' computers?? lol


achoaly the host was fully patched and that is not how they got in, i will post the e-mail from our host about it soon so you can see what they say about it.

Author:  Mazer [ Tue Dec 30, 2003 8:14 am ]
Post subject: 

Hacker Dan wrote:

achoaly

HOLY CRAPOLY! i gotta go update the dictionary! Laughing

ok but seriously, you guys would be able to trace the guys that hacked the server right? any plans on what to do once you know who they are?

Author:  Dan [ Wed Dec 31, 2003 12:56 am ]
Post subject: 

well i don't have the logs of it b/c the hack was on our host not compsci.ca directly so that would be up to our host.

oh and our host's reply:

Quote:

> There was a hacker attack on the Kazix server that hosts your
> website. The hacker group calling themselves TechTeam found out
> one client on the server's password and ran a script on their
> account which, essentially, searched the whole server for any
> file named "index" and replaced it with its own site.
>
> The datacenter we work with has heard of this group and was very
> well aware of how they operate and how to combat it. Despite
> what their replacement website said, this attack has nothing
> to do with our server software not being up to date or patched.
> The attack exposed a weakness in shared hosting - that each site
> is a folder on the same server and scripts need to access numerous
> folders in order to operate. To make sure this weakness is not
> exposed again, we have implemented what's known as Web Group
> Protection. This disables scripts by default from accessing any
> folders except the one they're in. This will be inconvenient
> for some legitimate scripts - but we feel it is a necessary
> precaution.
> If you need to enable this feature, let us know and we will decide
> on a case by case basis.
>
> The good news is that there will be no loss of data, as the server
> was backed up last night very shortly before the attack. We are
> in the process of restoring all your data, it should be completed
> very soon, if it has not already. Please note though that any
> changes you may have made since last night (12/23/2003) will
> not be restored.
>
> Thank you for your continued support and cooperation as we work
> to complete this. Please contact us if you have any questions.
>

Author:  octopi [ Wed Dec 31, 2003 3:13 am ]
Post subject: 

Wow....they make it complicated....but it's really easy to fix the problem....

If you're on a unix server, then set file permissions right!!

Good hosts make it so all 'scripts' run under the website's userid (script on compsci.ca would run under compsci's username). Under unix you can set it so that only the following can edit your files, read them or execute (run) them:

Yourself (compsci's username)
Group (other shared hosting people)
Everyone (self explanatory)

now....If I give a permission of 7 (w,r,e) to Everyone....then everyone can edit my files.
Now If I set everyone to 4(r) then others can only read my files.

A good setting for shared hosting that's properly configured (so scripts run under their userid, and not under one specific one) is

744 - read, write, execute for ME, read only for everyone else
755 - same as above, but everyone can execute.


If dan wants to do me a favor, and check who the host runs scripts under he can put this php code in a file, and tell us the output.

code:
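<?php
        // Ask the OS which account the web server runs this script as.
        // trim() drops the trailing newline that whoami prints.
        $username = trim(`whoami`);
        print "I am: $username";
?>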


(On my site: http://octopi.kyed.com/compscistuff/whoami.php)
Mine shows it's running under www, a general username. (Very BAD for shared hosting.)
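
Added example, not part of the thread or the host's tooling: a POSIX shell audit for the permission point made in the post above. It goes one step further and also checks directory write bits, since a writable directory lets another account replace `index.*` even when the file itself is 744. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Audit a shared-hosting docroot for files other accounts could deface.

# index.* files that group or other may overwrite in place.
writable_index_files() {
    find "$1" -type f -name 'index*' \( -perm -020 -o -perm -002 \) -print
}

# Directories that group or other may write to. Unless the sticky bit is
# set, a writer can delete and re-create index.* there regardless of the
# file's own mode.
writable_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print
}

# Print findings and return 1 if anything is exposed, 0 if the tree is clean.
audit_docroot() {
    findings=$(writable_index_files "$1" | sed 's/^/FILE /'
               writable_dirs "$1" | sed 's/^/DIR  /')
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample tree (not real hosting data): one safe site, one with a
# world-writable index file, one with a world-writable directory.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/site_a" "$root/site_b" "$root/site_c"
    for s in site_a site_b site_c; do
        echo '<html></html>' > "$root/$s/index.html"
    done
    chmod 755 "$root" "$root/site_a" "$root/site_b"
    chmod 744 "$root/site_a/index.html"   # mode recommended in the post
    chmod 666 "$root/site_b/index.html"   # any account can overwrite it
    chmod 644 "$root/site_c/index.html"
    chmod 777 "$root/site_c"              # any account can replace files here
    printf '%s\n' "$root"
}

# Stand-alone use: sh audit.sh /path/to/docroot
if [ $# -gt 0 ]; then
    audit_docroot "$1"
fi
```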

