Vandalism and Recovery
NetBuilders, along with The Tech FAQ Proxy list, The Tech FAQ Blog, FreeEmoticons.us, and AtProxy, were vandalized today.
Unfortunately, the vandal destroyed quite a bit of the system. I've restored a backup of the NetBuilders database from earlier in the day, but all posts since the last backup have been lost.
The vandal claims to be a kid named "Yazan" from Palestanian.com.
I think the kid got in through a vulnerability in the script I was using in FreeEmoticons.us. He may also have gained access through a WordPress 2.8.5 vulnerability before I upgraded to 2.8.6 a few days ago.
Really, we are running so many scripts on this server that my mother could vandalize it. Security is impossible in an environment as open as this, and people will always take advantage of that. Frequent backups are the best defense against these unhappy people sharing their unhappiness.
It is important that we are back on track quickly. I think we need to take more care in the future against this kind of attack.
Yeah, I noticed this while trying to access NB. Good to hear we're back up again, and that too quite quickly.
Will, are you planning to take any action against this 'kid'?
Whois hasn't any useful info on him. He claims to be Palestinian but has named himself egyptian_hacker on whois.
Nameservers are in France, hardly any more info on whois.
NP Will, I am glad that we are back again. I was noticing all situations. First he put down tech-faq, and when you made that up then he put down netbuilders. But I think netbuilders took a little more time for you.
Thanks for fast action, buddy.
Great to be back to this great forum!
Hmm... It's good that it's back. :)
- Mr.President -
We need to take some action ...
I am glad you brought it back.
Will, it is good to see you back :) Will you do anything against the guy who hacked your sites? I am sure the law provides you protection. I think you can trace this guy through the whois information of Palestine 4 Ever, but there is another possibility: what if this was all done by one of your competitors, and the guy who hacked your sites did everything in such a manner that everybody thinks it was done by Palestine 4 Ever, and now you are after Palestine 4 Ever?
The header on the hacked tech-faq homepage said "r00t3d". Was it just the scripts or was root hacked? We were debating in another thread.
Originally Posted by Will.Spencer
appreciate your keep response...
fk those hackers.