Saturday, February 17, 2007

Zone-H.org Website Defaced 1/25/07

To many in the security community, Zone-H is a useful site for getting the latest news, geared toward the technologically oriented. The site is also notorious for being a target for website defacers. Yesterday's attack is just one of many unskilled attacks over the years in which a skiddy (script kiddie) defaced Zone-H; Zone-H almost cheerfully retells the stories and then posts them in its archives for all to read. There have even been denial of service attacks on the defaced website by angry Zone-H readers. Although the majority of the hacks were due to the article contributors getting socially engineered (conned), there have been some elaborate hacks, which translate into interesting and educational stories (posted in their archives).

The best story I found was how someone hacked an article contributor's Hotmail account and forced a password reset for that user to the Hotmail inbox. The attacker used the contributor's account to post their own HTML files, and then uploaded a PHP script which opened a shell on the main content server. All articles have to be reviewed by an administrator before being posted; the attacker was able to elevate their privileges to those of an administrator, and then gained full control of the site. (For a more in-depth article on what happened, visit Zone-H to read the article at http://www.zone-h.org/content/view/14458/31/)
Yesterday's attack was the work of an unskilled troublemaker who was able to trick the domain registrar into transferring the domain to an IP controlled by the attacker. Website defacements are one of the easier attacks to perform, since the server is exposed on the public internet. Often the attacker will exploit a bug in the web server (Windows boxes are frequently updated due to bugs) that was either left unpatched due to the admin's error, or is a new exploit with no patch yet to fix the software bug. Sometimes an attack is as simple as stealing the webmaster's login info and changing the content on the site. Unfortunately, the only way to mitigate the risks is through due diligence. Patches for critical bugs must always be tested and applied ASAP. Admins and others who contribute to the website must be educated about best practices. It also doesn't hurt to have a company like Secnap monitoring your domain for malicious activity. (To view the article on yesterday's attack, visit http://www.zone-h.org/content/view/14498/31/)
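As an added illustration of the "monitoring your domain" point (example code written for this post, not from the original article, Zone-H or Secnap), here is a minimal check that compares a fresh `dig +short` NS/A answer and the fetched page body against a known-good baseline, and separates a domain move like yesterday's registrar transfer from an in-place content change. All hostnames, addresses and page bodies below are constructed sample values.

```python
import hashlib
from dataclasses import dataclass


def parse_dig_short(output):
    """Normalise `dig +short` output (one record per line): lowercase, no trailing dot."""
    return {line.strip().lower().rstrip(".") for line in output.splitlines() if line.strip()}


@dataclass
class Snapshot:
    nameservers: set      # NS records for the zone
    a_records: set        # A records for the web host
    content_sha256: str   # hash of the fetched front page


def snapshot(ns_output, a_output, body):
    """Build a Snapshot from raw dig output and the raw page body (bytes)."""
    return Snapshot(parse_dig_short(ns_output), parse_dig_short(a_output),
                    hashlib.sha256(body).hexdigest())


def classify(baseline, observed):
    """Return (verdict, signals).  NS or A drift means the name itself now points
    somewhere else (registrar transfer / DNS hijack); content drift alone means the
    real server is serving changed pages (defacement, or a legitimate edit to review)."""
    signals = []
    if observed.nameservers != baseline.nameservers:
        signals.append("ns_changed")
    if observed.a_records != baseline.a_records:
        signals.append("a_changed")
    if observed.content_sha256 != baseline.content_sha256:
        signals.append("content_changed")
    if "ns_changed" in signals or "a_changed" in signals:
        verdict = "DOMAIN_HIJACK_SUSPECTED"
    elif "content_changed" in signals:
        verdict = "DEFACEMENT_SUSPECTED"
    else:
        verdict = "OK"
    return verdict, signals


# Constructed known-good baseline, captured when the site was last verified by hand.
KNOWN_GOOD = snapshot("ns1.example-dns.net.\nns2.example-dns.net.\n",
                      "192.0.2.10\n", b"<html>front page (constructed)</html>")
# Constructed observation after a registrar transfer: new NS, new IP, attacker's page.
HIJACKED = snapshot("ns1.attacker-dns.example.\n", "198.51.100.7\n", b"<html>owned</html>")
# Constructed observation where DNS is intact but the page body changed on the real server.
DEFACED = snapshot("NS1.Example-DNS.net\nns2.example-dns.net.\n", "192.0.2.10\n", b"<html>owned</html>")

if __name__ == "__main__":
    for name, obs in (("known_good", KNOWN_GOOD), ("hijacked", HIJACKED), ("defaced", DEFACED)):
        print(name, *classify(KNOWN_GOOD, obs))
```

Run it from cron against live `dig +short NS`/`dig +short A` output and a fetched page, and treat any non-OK verdict as a ticket; a planned DNS or content change is handled by re-baselining after it is verified.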