Servers Hacked

Welcome to our forums. These forums were active from 2003-2014. We have now decided to close them down, but will leave them here as an archive.


This topic contains 25 replies, has 9 voices, and was last updated by feral 12 years, 2 months ago.

  • #4172

    RonanHayes
    Participant

    Well this is just great, I came into work early (7am) yesterday morning to find that my entire server was hacked. Some arse in there roaming around messing with things and seeing what they could grab.

    Thank christ I didn’t have anything major stored on that server, but nevertheless it shows how silly/stupid people can be.

    I wouldn’t mind if I was a faceless corporation who is making loads of cash, I’m not. I allow people free space, free emails, a place to put their portfolios. I allow small businesses the chance to have a decent looking site online and most of all I have large communities coming and going.

    It’s bloody amazing to see how people can simply hack other people’s work for the hell of it.

    (Sorry about the down time Dave, let me know if anything was touched or if you want to change password.)

  • #21603

    Max Marshall
    Participant

    Hackers are evil, spiteful little maggots and should all be burned at the stake. It’s mindless invasion of privacy and vandalism only for the sake of being able to do so when they hack and disrupt the lives of people like us who aren’t major corporations and the like.

  • #21604

    swisslad
    Participant

    > Hackers are evil, spiteful little maggots and should all be burned at the stake. It’s mindless invasion of privacy and vandalism only for the sake of being able to do so when they hack and disrupt the lives of people like us who aren’t major corporations and the like.

    My thoughts could not have been expressed any better on the subject.

    Yet,

    I would love to understand where they come from. What are their goals. What pushes them into doing such acts.. I mean they obviously are intelligent enough so what’s their motive?

    Oh and sorry about what happened to your servers… I share your feeling of helplessness like when your car or flat/house is broken into…

  • #21609

    peter_b
    Participant

    90% of hackers are 12-year-olds who download scripts off warez hacking sites and run them to hack a site. So technically they never did any hacking, just used someone else’s work. Most often the script exploits some sort of buffer overflow vulnerability in the web server.

    there’s a very simple technique they all use.

    there’s several websites on the net which when you enter the http:// it will tell you what version of apache etc. the site is hosted with. After which the hacker looks for an exploit script for this version off the web and runs it. voila website is hacked.

    so moral of the story is to update your versions of apache regularly and check to make sure permissions on directories are as they should be.

  • #21610

    Max Marshall
    Participant

    Peter knows too much, he hacked you ronan

  • #21611

    peter_b
    Participant

    haha,

    nah i did a 4th year course in security in college which covered this sort of thing, amongst other things like encryption etc. We even had a white hat hacker in class one day who hacked a college website, to show how easy it was to do. took him 30 seconds to cripple the website.

    for those who don’t know what a white hat is. basically they’re hackers which were seduced by the light side and are offered loads of cash by huge corporations to hack the corporate website, intranet etc so they can identify vulnerabilities and take appropriate action.

  • #21612

    swisslad
    Participant

    Thanks for the info…

    So they basically really are tw@ts who haven’t passed puberty and can’t even shake their own palmtrees for relief… I see.

    Another question then: what exactly happens when you’ve been hacked? do they steal/retrieve important info from you? Do they simply “visit” hidden parts of the servers/site to make you feel uneasy and stroke their ego? Maybe plant virus/trojans/stuff? What?

  • #21613

    RonanHayes
    Participant

    Well what they tried to do with me was block the site, and take it down. They didn’t get very far. I’m on the latest stable build of apache, php etc. So it’s not all that easy to get in, I’m not dumb when it comes to permissions and my layout of the structure is certainly not basic, or have any obvious holes.

    All I can assume happened is that they piggybacked in on some script, or exploited some script. So for now I am removing all php from every site, and rechecking all permissions.

    Basically they could have taken what’s there, and to be honest that’s very little. Some images, pdf files and doc files.

  • #21615

    peter_b
    Participant

    ya twats sums it up alright.

    basically if you want to be a good hacker (don’t try this at home, because you will be caught because amateurs leave tracks all over the bloody web, ip’s, windows etc.)
    but here’s how to do it right.

    For educational purposes!!

    hack from an internet cafe for starters, coz if they trace its an ip from cafe. although some cafes now take your name and the ip you have during your session, so you could be caught this way.

    anyway you enter silently as root to the webserver, once you have run your exploit script.

    create a new account which has similar permissions as root. then before you log off, delete in the logs of the webserver that you ever logged in. because if the real root checks he will notice a new account was created, then you’re busted ;)

    then logoff and don’t go to the site for about a week. Then return and you can log in normally and view private material, steal info etc. that’s how you do it smart. each time remember to delete your logged information.

  • #21616

    swisslad
    Participant

    Wow.

    Peter_b you win at the itarhweb, but you lose at life… I just called the web police…

    :lol:

  • #21618

    peter_b
    Participant

    > Well what they tried to do with me was block the site, and take it down. They didn’t get very far. I’m on the latest stable build of apache, php etc. So it’s not all that easy to get in, I’m not dumb when it comes to permissions and my layout of the structure is certainly not basic, or have any obvious holes.
    >
    > All I can assume happened is that they piggybacked in on some script, or exploited some script. So for now I am removing all php from every site, and rechecking all permissions.
    >
    > Basically they could have taken what’s there, and to be honest that’s very little. Some images, pdf files and doc files.

    ya denial of service is the most common attack.

    pretty easy to do as well, just send a bunch load of requests to open connections, before the previous one has time to time out. So you end up chewing up ports, (consequently when you open a port apache stores the states of the connection requested) so you chew up memory also and no-one else can get a connection.

    permission errors are often very hard to spot because of directories and sub-dir often having different props, but sounds like you’re confident enough there okay, so that’s 1 less thing to worry about ;)

    have you any asp on the site? because that thing is full of exploits. also make sure windows or whatever you use has all security patches, because a windows exploit can allow this too.

  • #21619

    peter_b
    Participant

    > Wow.
    >
    > Peter_b you win at the itarhweb, but you lose at life… I just called the web police…
    >
    > :lol:

    huh, itarhweb?

    anything i posted is commonly available on the web. and like i said if you’re stupid enough to hack someone’s site, then you deserve to be caught.

  • #21620

    swisslad
    Participant

    kidding, just kiddin….

    but thanks for the explanations… It’s a subject that I find interesting I admit. I’m just not malicious or documented enough to undertake such acts though..

  • #21629

    Nooptical
    Participant

    > (Sorry about the down time Dave, let me know if anything was touched or if you want to change password.)

    No worries, everything seems fine. Cheers Ronan.

    Oh and yes, hackers are annoying w**kers.

  • #21631

    gizmo
    Participant

    Hrm, from what I’ve gathered hackers are either those “freedom of information” nut jobs or those who crave a challenge..then again just like in any area of society there are those people that are just plain jerks! :D

    However some prove amusing…
    http://forums.hostrocket.com/showthread.php?p=96585#post96585

  • #21642

    Darksaviour69
    Participant

    many dreamcast sites have been hacked or a hack attempted in the last year, and they are all open source free non-profit games/emu/apps!

  • #21643

    Skyclad
    Participant

    See, hacking can be a good thing sometimes!

  • #21645

    Darksaviour69
    Participant

    ha ha :wink:

  • #21648

    feral
    Participant

    > Hackers are evil, spiteful little maggots and should all be burned at the stake. It’s mindless invasion of privacy and vandalism only for the sake of being able to do so when they hack and disrupt the lives of people like us who aren’t major corporations and the like.

    There are some very contentious semantic issues with the word ‘hacker’.

    Google it, if you want long rants, but basically, the word means different things in different circles; many in the open source community would be offended at statements such as above.
    Again, it’s semantics, but maybe worth being aware of.

    > I would love to understand where they come from. What are their goals. What pushes them into doing such acts.. I mean they obviously are intelligent enough so what’s their motive?

    Afaik, there’s a few different motivations for people that break into computers, and while there is no precise taxonomy, a couple of groups are usually talked about.

    There are the script kiddies. They seem to be what you guys are referring to. Typically adolescent males, using canned exploits and tools, to break into systems and ‘own’ them, for reasons of peer esteem. Low threat to a well locked down network, but they can do a lot of damage as there aren’t many networks well locked down. They aren’t necessarily very intelligent, or knowledgeable, btw, and frequently do malicious things like destroy data.

    I suppose that the next broad group might be more typical blackhat ‘hackers’, or “crackers” as some might prefer them called. They might use a more sophisticated methodology attack.
    It’s kinda hard to figure what motivates people like that.
    Maybe it’s a quest for more information, more computational resources, or to build nets of computers for ddos to achieve personal goals. Maybe they are script kiddies that grow up, or people who are disgruntled or annoyed with society… possibly they just find it fun and don’t have anything else to do.
    People like this are a lot harder to keep out, if they decide to determinedly attack, because they tend to have a lot more knowledge. Flipside is that unless you have a network they specifically want to target, they’ll probably leave you alone, if you aren’t low hanging fruit.
    Someone like this probably didn’t break into your computer, because you probably wouldn’t have noticed that they did.

    There are probably also professional ‘black hats’ doing it for money/crime/business goals. They definitely didn’t break into your computer.

    There’s also ‘whitehats’. Read as ‘good hacker’.
    They might be pissed at the above statements about all hackers being maggots :-P
    Probably motivated by intellectual curiosity about hacking, perhaps financial reward, or are just good computer scientists and engineers trying to build secure networks.

    A lot of open source developers, from the un*x world, would consider themselves to be hackers as well, but that has different meanings really, and is not tied to computer security. Google for info if you want it.

    Ronan, as I understand it:
    Your server was compromised.
    You don’t know how it was compromised yet.
    You say there was:

    > Some arse in there roaming around messing with things and seeing what they could grab.

    Are you saying your box was rooted? This is what I deduce by ‘roaming around’ in? Although you could mean they were roaming around some webUI?

    If your box was rooted, and you don’t know how, then it is quite possible your box is still rooted, and you just can’t tell that it is. If so you are probably best nuking the whole thing, and starting again with more up to date and secure software, and restoring from backups.

    I say this, because the first thing anyone that roots a box will do, whether they are script kiddie or some leet ninja, is install a rootkit – if this has happened, then unless you have been very paranoid (such as taking known good images of your server to diff against) then you are probably safest by just reinstalling.

    > So for now I am removing all php from every site, and rechecking all permissions.

    Again, if they have rooted your box, by exploiting a flaw in a script you are running, which is what I assume you are talking about, then it’s probably much too late to do this.

    > All I can assume happened is that they piggybacked in on some script, or exploited some script.

    What php scripts are you running anyway? If someone went through the trouble of exploiting a script that’s specific to your site, or rare, then you certainly have a problem.

  • #21650

    Nooptical
    Participant

    People who ‘hack’ personal websites are tits. End of story.

    People who attack commercial corporations or whatever, and have a valid grievance or reason to do so…well, I still consider them tits. But at least they are tits with a proper motive. Tits with a cause I suppose.

  • #21652

    peter_b
    Participant

    > If your box was rooted, and you don’t know how, then it is quite possible your box is still rooted, and you just can’t tell that it is. If so you are probably best nuking the whole thing, and starting again with more up to date and secure software, and restoring from backups.

    it’s easy to tell as root, if any other accounts were created with root privileges. You don’t have to be dramatic and nuke the box! just some simple management will sort it out. find account(s) with root access remove them, update all your server software and you should be fine. it’s probably a script you got hit with, a simple update of server and likes will sort ya out.

  • #21655

    feral
    Participant

    > it’s easy to tell as root, if any other accounts were created with root privileges. You don’t have to be dramatic and nuke the box! just some simple management will sort it out. find account(s) with root access remove them, update all your server software and you should be fine. it’s probably a script you got hit with, a simple update of server and likes will sort ya out.

    I am afraid that is not correct.
    Again, please google for details, but I will attempt to summarise.

    Basically, on a unix system, when someone has root they can do whatever they like.
    You know this, I assume?

    So, once someone has rooted a box, they can replace all the system utilities with modified versions that report inaccurate information.

    For example, they replace the ps utility with one which shows all the processes, except the ones belonging to their account.

    Likewise, for every other system utility.

    How do you then tell whether there is another root account on the box? The tools you will use to tell will lie to you.

    Maybe this sounds far fetched?
    There are automated programs that do the whole thing, and replace all the system utilities with ‘lying’ versions. There have been such programs for at least 10 or 15 years – probably longer.
    It’s absolutely trivial to do, and well understood.
    Furthermore, it’s SOP for anyone who cracks systems – even newbie script kiddies know how to do this much.

    Telling whether or not a box has been rooted, after it has been rooted, is a hard problem.

    There are, of course, ways to detect that the box has been rooted, but they are hard.

    For example, careful sysadmins will take an image of the box, or perhaps a collection of md5s of the contents of files on the box, after it’s installed.
    They will save this somewhere safe, perhaps on a CD under their bed.
    When they suspect a box has been compromised, they will compare the files on the CD, with the files on the harddrive, probably by booting off a live cd which has a known clean OS on it. This way they will know if they have been compromised.

    There are other solutions that are less hardcore, but really, that’s the kind of complexity you are talking about, to detect thoroughly if a box has been compromised.

  • #21656

    feral
    Participant

    > People who ‘hack’ personal websites are tits. End of story.
    > People who attack commercial corporations or whatever, and have a valid grievance or reason to do so…well, I still consider them tits. But at least they are tits with a proper motive. Tits with a cause I suppose.

    Yes, I agree.

    I was just pointing out that some people might be offended at the use of the word hacker to describe “people who ‘hack’ personal websites”.

    As there are a few different meanings of the word – for example the ‘white hat’ hackers that peter_b mentioned.
    Are they ‘evil, spiteful little maggots’?

    To stick with peter_b’s analogy, it’s a bit like describing all Jedi as powerhungry people corrupted by the dark side :-)

    There is debate about it – it’s a semantic issue, and not one really worth arguing :)

    That’s the only point I was trying to make, I’m sorry I miscommunicated.

  • #21657

    peter_b
    Participant

    > Basically, on a unix system, when someone has root they can do whatever they like.
    > You know this, I assume?

    ya funny i think i read that somewhere :D

    as for the replace ps and the likes, that’s in the very extreme cases. most script hackers don’t bother with that at all. when you’re talking about breaking into government sites where they have a dedicated team to hunt you down you might do that. in Ronan’s case it’s just one guy managing his site so it’s very unlikely this was what happened.

  • #21658

    feral
    Participant

    > as for the replace ps and the likes, that’s in the very extreme cases. most script hackers don’t bother with that at all. when you’re talking about breaking into government sites where they have a dedicated team to hunt you down you might do that. in Ronan’s case it’s just one guy managing his site so it’s very unlikely this was what happened.

    Installing rootkits is not a very sophisticated attack, as you seem to make out.
    It’s quite standard; it’s the first thing many people, even script kiddies, would do when they got root on a box.

    I can’t really prove this easily, although I’m sure someone like the honeynet would have stats.

    However, as evidence that rootkits are not completely rare I direct you towards:

    http://www.chkrootkit.org
    A website for a tool designed to check for certain rootkits and whether they’ve been installed.

    It is an automated tool to check for rootkits. Someone obviously felt they were common enough to write a tool to deal with.

    It checks for 57 different rootkits. This means there are at least 57 different canned, automated, tools that do what you say is very rare.

    Do you still think they are used only on “government sites where they have a dedicated team to hunt you down”?

    Fair enough, if so.
    I wouldn’t take the risk. If my server has been rooted, then I would assume it has been backdoored, and rootkit’d.

    That’s my .02, obviously everyone is free to administer their own server as they like :-)
