Re: [ISN] Anti-Nuke Cracker Strikes Again

From: mea culpa (jerichot_private)
Date: Sat Jul 04 1998 - 17:51:25 PDT

Next message: mea culpa: "Re: [ISN] Anti-Nuke Cracker Strikes Again"

Previous message: mea culpa: "[ISN] ICSA employes an undercover hacker spy."
Maybe in reply to: mea culpa: "[ISN] Anti-Nuke Cracker Strikes Again"
Next in thread: mea culpa: "Re: [ISN] Anti-Nuke Cracker Strikes Again"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[Moderator: Unfortunately I replied without reading the entire
 article. :)  Yes, you can change 300 vhosted sites in an hour.
 BUT, that brings up another mistake. Hacking a single server
 with 300 vhosts doesn't qualify as a "mass attack" in my eyes.]

Reply From: Russell Coker - mailing lists account <bofht_private>

>[Moderator: Saying this took one hour is quite misleading or downright
> wrong. Even if the sites had already been hacked, it would take more
> than an hour to log into each of 300 servers and upload a new page.
> I am contacting James Glave to get a list of which sites were hit as 
> well.]

   The article referrs to a web hosting service.  If there were 300 web pages
on a single IP address using HTTP 1.1 then it wouldn't take very long to
delete 300 records in the web server configuration file and replace them with
a single record that makes it a single web server.  That should take about 5
minutes to do once you have root access, cracking a vulnerable machine should
be doable in 10 minutes if you've got a hacking kit, that leaves a leisurely
45 minutes to actually upload the replacement web pages.
   Of course if they say that 300 different servers in 10 countries were
hacked in an hour then it would be blatantly wrong.  But my interpretation of
the 2 paragraphs below indicated 300 different virtual web servers on a single
machine which makes it quite plausible.

>The mass hack happened almost by accident.
>While scanning a large network, looking for
>security weaknesses, JF and his colleagues came
>across a Web site hosting company called
>EasySpace. The firm, based in Kingston upon
>Thames, England, offers "virtual domain" hosting --
>an arrangement where multiple Web sites are
>located on a single server. 

>"We ... came across this, at first by accident,
>then [we] realized what it was, and as we were
>planning a mass hack, we decided to put it into
>operation," JF said. 

---
I'm an independant computer consultant.  I prefer to do Linux administration
and programming.  OS/2 programming is also fun, and I do sometimes do NT
programming.  I mainly do C++ programming, but would like to get into Java.
This should satisfy the curiosity of those on SERVER-LINUX.

-o-
Subscribe: mail majordomot_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

Next message: mea culpa: "Re: [ISN] Anti-Nuke Cracker Strikes Again"
Previous message: mea culpa: "[ISN] ICSA employes an undercover hacker spy."
Maybe in reply to: mea culpa: "[ISN] Anti-Nuke Cracker Strikes Again"
Next in thread: mea culpa: "Re: [ISN] Anti-Nuke Cracker Strikes Again"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:54 PDT