
x-bit Labs hacked tonight!

Old 04-25-05, 12:20 AM Thread Starter   #1
c627627
Senior Member

 

Join Date: Feb 2002
Location: Kansas

10 Year Badge
 
x-bit Labs hacked tonight!


Front page quotes those guys frequently.
http://www.xbitlabs.com/



What protects us from people like that? Why do hacked pages stay up relatively long?

Mods, apologies if posted in wrong section.
c627627 is offline Author Profile   QUOTE Thanks
Old 04-25-05, 12:21 AM   #2
MrCooper
Member

 

Join Date: Apr 2005

 
Well I'll be damned
MrCooper is offline   QUOTE Thanks
Old 04-25-05, 12:30 AM   #3
Bios24
Member

 

Join Date: May 2004
Location: Kansas City, MO

 
Whoops, someone's getting a pink slip at the security desk. I wonder how/who hosted the site and why it got hacked?

__________________
Antec P180 - Corsair HX520W - Dell 2005fpw
Opteron 165 <Currently 280x9 1.35v>
DFI NF4 Ultra-D - 2gb G.Skill 3-4-4-8@250mhz
320gb+200gb Seagate - XFX 6800GS 500/1.2ghz
Sound Blaster X-Fi - BA7900 5.1 Surround
Thermalright XP-90C - <The Quiet Overclock>
[ HEATWARE ]
Bios24 is offline   QUOTE Thanks
Old 04-25-05, 04:40 AM   #4
David
Forums Super Moderator
Overclockers.com Lead Editor



 

Join Date: Feb 2001
Location: Hiding from Americans and making pretty colours in a drybox in St Andrews

10 Year Badge
 
If they gained root access and changed the root password then that may explain why it would take some time to fix.

This would possibly be better off in Internet, Networking and Security section.

__________________
David J. Nelson MChem(Edin) PhD(Strath) AMRSC [Academia Profile]
OC Forums Super Moderator // Overclockers.com Editor


The Workhorse: [Lenovo W510] Intel Core i7-720QM / 8 GB DDR3 / nVidia Quadro FX880M / Crucial M4 256 GB SSD / Windows 7
The HTPC/Server: AMD Phenom X4 9650 / 6 GB DDR2 / nVidia 8300 / 5 TB of HDDs / Antec Solo II Case / Windows 7
The Gaming Rig: AMD Llano A6-3650 / 4 GB DDR3 / nVidia GTX260 / 2x 500 GB HDD in RAID0 / Antec Dark Fleet DF-85 Case / Windows 7
The Benchmarking Setup: Various LGA775 chips / Asus Rampage Formula / 2 GB OCZ 1066 MHz DDR2 / nVidia Quadro NVS 285 / 320 GB HDD / Windows 7

My research fellowship is eating all my time, so I may be slow to reply to emails and private messages.
David is offline Author Profile Benching Profile Folding Profile   QUOTE Thanks
Old 04-25-05, 07:15 AM   #5
Slackfumasta
Member

 

Join Date: Dec 2004
Location: My own personal HELL!

 
The most common type of attack on web servers is a WebDAV exploit attack. It allows a hacker to use a 'PUT' command to place a file onto a webserver through their browser.

What they do is use the PUT command to put files like index.htm, default.htm, index.asp, etc on the webserver. It does not overwrite any existing files on the webserver, but if somebody is running IIS (for example) and doesn't change the default document to whatever they are using, it's possible that a hacker can PUT a filename that is higher on the default document list, and that is what gets served out to clients first. This is a 'script kiddie' kind of attack.

It's also not uncommon for webservers running Windows to have Remote Desktop enabled, and not be behind a firewall. Many of the hosting services where you can pay for a machine to be hosted can only be administered this way, but if the owner of the server doesn't do simple things like change the 'administrator' account to a different name and use a strong password, those can be hacked.

It's also possible that whoever hacked it is really good at actually compromising machines, but that's more uncommon.
Slackfumasta is offline   QUOTE Thanks
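
A defender-side check for the pattern described in the post above, as an added example that is not part of the original thread: it scans W3C extended format web server logs for PUT requests that succeeded and whose target is a default-document name. The log lines, the field set and the default-document list are constructed assumptions, not data from the incident.

```python
import posixpath

# Assumed default-document names; use the list configured on your own server.
DEFAULT_DOCS = {"default.htm", "default.asp", "index.htm", "index.html", "index.asp"}
# PUT statuses that mean the file was written (201 = created, 200/204 = replaced).
WRITE_OK = {"200", "201", "204"}

# Constructed sample in W3C extended log format (not from the incident).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2005-01-01 10:00:01 198.51.100.7 GET /index.html 200
2005-01-01 10:01:12 203.0.113.9 PUT /default.htm 201
2005-01-01 10:01:40 203.0.113.9 PUT /images/logo.gif 201
2005-01-01 10:02:03 203.0.113.9 PUT /index.asp 403
2005-01-01 10:03:15 203.0.113.9 PUT /news/Index.HTM 204
"""


def find_default_doc_puts(log_text, default_docs=DEFAULT_DOCS):
    """Return (date, time, client, path, status) for successful PUTs of default documents."""
    fields, hits = [], []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # field order is declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip truncated or malformed records
        rec = dict(zip(fields, values))
        if rec.get("cs-method", "").upper() != "PUT" or rec.get("sc-status") not in WRITE_OK:
            continue
        # Default-document lookup is case-insensitive on Windows, so compare lowercased names.
        if posixpath.basename(rec.get("cs-uri-stem", "")).lower() in default_docs:
            hits.append((rec.get("date"), rec.get("time"), rec.get("c-ip"),
                         rec["cs-uri-stem"], rec["sc-status"]))
    return hits


if __name__ == "__main__":
    for hit in find_default_doc_puts(SAMPLE_LOG):
        print("suspicious PUT:", *hit)
```

The rejected PUT (403) and the PUT of an ordinary image are not reported; only writes that landed on a default-document name are.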
Old 04-26-05, 02:46 PM   #6
buckontour
New Member



Join Date: Apr 2005

 
I'm always weary of hackers! I signed up with anonymizer last year so I have total protection and anonymity when I'm surfing

Check it out.. www.protry.com/hide

I think I'm gonna sign up again this year again it's so good
buckontour is offline   QUOTE Thanks
Old 04-29-05, 08:12 AM Thread Starter   #7
c627627
Senior Member

 

Join Date: Feb 2002
Location: Kansas

10 Year Badge
 
Thanks David, I should have posted there, sorry.

But can you believe four days later and the site is still only intermittently available, meaning if you get a determined hacker, there is then nothing you can do, is that the state of site protection capabilities nowadays?
c627627 is offline Author Profile   QUOTE Thanks
Old 04-29-05, 08:53 AM   #8
Leviathan41

 

Join Date: Dec 2003
Location: @Home, Folding

 
Wow! 4 days later and all they have up is

Performing maintenance to better serve you.
Visit us soon.
Leviathan41 is offline   QUOTE Thanks
Old 04-29-05, 08:58 AM   #9
elfiena
Member

 

Join Date: Apr 2005

 
I am not a big fan of being hacked, but I think hackers are necessary as they are the driving force for improving network security. IMHO I'd rather suffer 1 uncoordinated hack every 20 days with something like putting "3y3 p0wn j00" on website by a kid in his/her basement than suffer 1 coordinated hack every 20 weeks aimed to cripple the whole network by some foreign power. I also appreciate the freedom internet technology has, which made hackers possible to exist. I kinda like the idea of technical know-how being set on the same plainfield as power and wealth.
elfiena is offline   QUOTE Thanks
Old 04-29-05, 11:02 AM Thread Starter   #10
c627627
Senior Member

 

Join Date: Feb 2002
Location: Kansas

10 Year Badge
 
Why does it take so long to simply put up a backup version of your site after an attack, I take it it's not as easy as when something goes wrong on your desktop where you can't really lose much if you have backup drive image files from which you can simply reimage the entire system in minutes?
c627627 is offline Author Profile   QUOTE Thanks
Old 04-29-05, 12:27 PM   #11
elfiena
Member

 

Join Date: Apr 2005

 
Because restore of a couple gig wide database including customer info + products + webpage data takes time, so does restoring the OS of your server. The restore job alone will take around 4 hours to finish because tape and DVDs are slow. Even if you have multiple backup web servers, if the database server is compromised, you are still dead in the water. Backup database servers are not fun to run because you'll end up merging two databases and taking out duplicates... which is nasty. And you can never be sure merging will work successfully or not...
elfiena is offline   QUOTE Thanks
Old 04-29-05, 01:21 PM Thread Starter   #12
c627627
Senior Member

 

Join Date: Feb 2002
Location: Kansas

10 Year Badge
 
Takes time from DVD & tape? The process involves copying data, like you do on a desktop?

With hard drives being so cheap, why not simply hook up a backup HD so that there is no copying involved?
c627627 is offline Author Profile   QUOTE Thanks
Old 04-29-05, 01:26 PM   #13
David
Forums Super Moderator
Overclockers.com Lead Editor



 

Join Date: Feb 2001
Location: Hiding from Americans and making pretty colours in a drybox in St Andrews

10 Year Badge
 
Quote:
Originally Posted by c627627
Takes time from DVD & tape? The process involves copying data, like you do on a desktop?

With hard drives being so cheap, why not simply hook up a backup HD so that there is no copying involved?
A spare hard disk does not protect you from scenarios where the server is destroyed, i.e. if the building burns down, or a power surge fries the innards.

The best backup policy is probably one local backup on a different machine, or on hard media in the building and one backup at a different location.

David is offline Author Profile Benching Profile Folding Profile   QUOTE Thanks
Old 04-29-05, 02:24 PM Thread Starter   #14
c627627
Senior Member

 

Join Date: Feb 2002
Location: Kansas

10 Year Badge
 
Yes, that's as far as backup policies go David, but the topic was why does it take so long to restore service if there can be 'ready to go' hard drives to be physically connected with no need to wait for backups to be copied from tapes.
c627627 is offline Author Profile   QUOTE Thanks
Old 04-29-05, 03:02 PM   #15
elfiena
Member

 

Join Date: Apr 2005

 
Quote:
Originally Posted by c627627
Takes time from DVD & tape? The process involves copying data, like you do on a desktop?

With hard drives being so cheap, why not simply hook up a backup HD so that there is no copying involved?
Unless you are using mirroring RAID, this won't work. Most industries use RAID 5, which means data gets spanned onto multiple volumes. Even with a mirroring controller, you can't just hotswap one hard drive and expect it to work because it won't. When you are using a mirroring controller, you have to swap the entire chain.

"Then why don't you swap the entire chain?"
Simply put, when you get hacked, data might be written onto both chains.

"What about backing up to another server somewhere else?"
Ideally, it is done, but this is expensive and can cause problems as there might be tiny hardware/configuration differences that might cause total crash if you just swap the RAID chain. Besides, if you do that, you might as well just swap the server.

"What about hot-swappable drive backups?"
This only works if your data can fit on one drive or else you still need to copy.
elfiena is offline   QUOTE Thanks
Old 04-29-05, 08:08 PM   #16
PCGUY112887
Member

 

Join Date: Oct 2003
Location: Illinois

 
Plus they already have a way into the server... you don't know if files were placed to allow them to get in the day before or the month before. You don't want to throw your server image on there and run the risk of putting a hole back online for them to get into, because who knows what they will do the second time they go in (steal CC numbers, etc).
PCGUY112887 is offline   QUOTE Thanks
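
The concern raised in the post above, as an added example that is not part of the original thread: before a backup goes back online, compare its file manifest with a trusted baseline and pick the newest backup generation that contains no added or changed files. The paths, contents and dates are constructed, and the example assumes the baseline manifest was taken from known-good media and covers only site code, not data that changes legitimately.

```python
import hashlib


def build_manifest(files):
    """Map each path to the SHA-256 of its content (files: dict of path -> bytes)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def diff_manifest(baseline, candidate):
    """List paths added to, removed from, or changed in candidate relative to baseline."""
    return {
        "added": sorted(p for p in candidate if p not in baseline),
        "removed": sorted(p for p in baseline if p not in candidate),
        "changed": sorted(p for p in candidate
                          if p in baseline and candidate[p] != baseline[p]),
    }


def newest_clean_backup(baseline, backups):
    """Return the date of the newest backup with no added or changed files, else None."""
    for date, manifest in sorted(backups, key=lambda b: b[0], reverse=True):
        delta = diff_manifest(baseline, manifest)
        if not delta["added"] and not delta["changed"]:
            return date
    return None


# Constructed data: a trusted baseline of the web root and three backup generations.
GOOD = {"index.asp": b"home v1", "lib/db.asp": b"db v1"}
BASELINE = build_manifest(GOOD)
BACKUPS = [
    ("2005-01-08", build_manifest(GOOD)),
    ("2005-01-15", build_manifest({**GOOD, "images/x.asp": b"planted"})),
    ("2005-01-22", build_manifest({**GOOD, "images/x.asp": b"planted",
                                   "index.asp": b"defaced"})),
]

if __name__ == "__main__":
    for date, manifest in BACKUPS:
        print(date, diff_manifest(BASELINE, manifest))
    print("restore candidate:", newest_clean_backup(BASELINE, BACKUPS))
```

A clean manifest only shows that no files were planted in that generation; the hole used to get in still has to be closed before the restored server goes back online.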

All times are GMT -5.