
Re: [atlarge-discuss] Defacement of site



Abel and all stakeholders or other interested parties and members,

  Abel, I appreciate your willingness to help out on this problem and
provide DNS services for ICANNATLARGE.ORG.  However, don't
you think that this should have at least been brought to the attention
and awaited approval of the WG-DNS and/or WG-Web participants?
Or are those WGs just for show and therefore have no real purpose?

Secondly Abel,
http://www.able-towers.com/~abel/icann/www.icannatlarge.com/forum/
shows that there is no data available and
http://www.icannatlarge.org/forum/
shows the following:
                                              Temporarily offline

                                     Please take up all discussions
                                  on the "At Large Discuss" Mailing List
                                     (atlarge-discuss@lists.fitug.de).

  This may upset unnecessarily some members as it indicates a lack of
proper and transparent handling of these basic Webmaster functions.

  Third, why or what is/was the justification for switching the DNS Name
Servers over to your DNS servers?  Why could the original Name
servers not have been fixed or configured properly?


Abel Wisman wrote:

> It seems that there is a need for "explanation" or "proof" according to
> Joop.
>
> I cite from an earlier e-mail from me to WG-DNS from minutes before I
> learned of the defacement;
>
> <cut>
> P.S. as test and example:
>
> --16:09:16--  http://www.icannatlarge.com/
>            => `www.icannatlarge.com/index.html'
> Connecting to www.icannatlarge.com:80... connected!
> HTTP request sent, awaiting response... 200 OK
>
> ------<getting all files, thus cut>-------
>
> FINISHED --16:09:35--
> Downloaded: 1,046,233 bytes in 34 files
> [root@Prometheus icann]#
>
> As you see all files that one "can" get "freely" (passwd protected parts
> need a little more inventive behaviour) are downloaded fast.
>
> The result :
> http://www.able-towers.com/~abel/icann/www.icannatlarge.com/
>
> Regards
>
> A
> </cut>
>
> Weirdly enough this is where I first saw the defacement.
>
> As for the remainder: ask the panel, Webmaster and yourself, I have no
> responsibility or influence of anything that happened with the site or
> the forum, but do know that it usually does not take 4 or more hours to
> stick databases back in sql and re-install the "forum" tarball.
>
> What worries me is that not one of you seem to care about the userdata
> that was compromised, what worries me is that the server in question is
> still up and running.
> Good practice in case of a hack is to take the server in question
> off-line and do forensics; off-line, then replace the HDD('s) and
> re-install, protect better, bring it on-line.
>
> Now the client can put his/her back-ups back on the machine.
>
> Read for php hacks on google ???? I really never heard they took over
> security focus which always has been one of the forefronts for these
> things.
>
> Furthermore on a personal note Joop:
>
> I think you should be less quick on innuendos towards anyone. An out of
> place and context cut does not hack it with me as an argument, though
> you might think it does on this list, but it doesn't.  You quote me
> incomplete and you know it, this is without going into plot-theories
> simple to prove and with the first part it becomes perfectly clear that
> I told them to put the back-up on the site, so there goes one theory.
> Next the list Thomas gracefully hosts for this group; fitug.de is a
> University, with professional system administrators on more than enough
> bandwidth, I do not have that fear and am also sure that if anything
> happened with the list, Thomas would immediately produce a subscriber
> list.
>
> Other maillists (WG ones setup by Jefsey) are run on yet another
> machine.
>
> I am also pretty sure that neither Sotirus nor James hacked the forum to
> get it down, since I think both of these gentlemen are democratic
> creatures that might not like the technique you used, but respect
> majority decisions.
> Then you state:
>
> <cut> Craig StGeorge of webfarm will be able to help you with server
> security in general. It is his server security that is at stake and
> there may have been other clients affected on the same server </cut>
>
> And that server hosts more clients and is still up and running ? Somehow
> I wonder if he even knows. But it should have been off-line completely.
>
> And since you want to know whether the culprit can do it again (please
> do not refer to this person as a hacker) well without having
> root privileges you can never tell at all, and even with I would doubt
> you could find it, if he/she was any good.
>
> As I said earlier, clean it up, protect better, move back-ups in and
> start rolling again.
>
> Kind regards
>
> Abel
>

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup - (Over 127k members/stakeholders strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 972-244-3801
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208