Re: [ISN] Anti-Nuke Cracker Strikes Again

From: mea culpa (jerichot_private)
Date: Sat Jul 04 1998 - 17:51:25 PDT

  • Next message: mea culpa: "Re: [ISN] Anti-Nuke Cracker Strikes Again"

    [Moderator: Unfortunately I replied without reading the entire
     article. :)  Yes, you can change 300 vhosted sites in an hour.
     BUT, that brings up another mistake. Hacking a single server
     with 300 vhosts doesn't qualify as a "mass attack" in my eyes.]
    
    Reply From: Russell Coker - mailing lists account <bofht_private>
    
    >[Moderator: Saying this took one hour is quite misleading or downright
    > wrong. Even if the sites had already been hacked, it would take more
    > than an hour to log into each of 300 servers and upload a new page.
    > I am contacting James Glave to get a list of which sites were hit as 
    > well.]
    
       The article referrs to a web hosting service.  If there were 300 web pages
    on a single IP address using HTTP 1.1 then it wouldn't take very long to
    delete 300 records in the web server configuration file and replace them with
    a single record that makes it a single web server.  That should take about 5
    minutes to do once you have root access, cracking a vulnerable machine should
    be doable in 10 minutes if you've got a hacking kit, that leaves a leisurely
    45 minutes to actually upload the replacement web pages.
       Of course if they say that 300 different servers in 10 countries were
    hacked in an hour then it would be blatantly wrong.  But my interpretation of
    the 2 paragraphs below indicated 300 different virtual web servers on a single
    machine which makes it quite plausible.
    
    >The mass hack happened almost by accident.
    >While scanning a large network, looking for
    >security weaknesses, JF and his colleagues came
    >across a Web site hosting company called
    >EasySpace. The firm, based in Kingston upon
    >Thames, England, offers "virtual domain" hosting --
    >an arrangement where multiple Web sites are
    >located on a single server. 
    
    >"We ... came across this, at first by accident,
    >then [we] realized what it was, and as we were
    >planning a mass hack, we decided to put it into
    >operation," JF said. 
    
    ---
    I'm an independant computer consultant.  I prefer to do Linux administration
    and programming.  OS/2 programming is also fun, and I do sometimes do NT
    programming.  I mainly do C++ programming, but would like to get into Java.
    This should satisfy the curiosity of those on SERVER-LINUX.
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:54 PDT