Alldas defaced!
PrintOccupational Hazard
Posted in Music and Media, 27th June 2001 08:48 GMT
Free whitepaper – Optimizing the data center for cost and efficiency
Alldas.de, the defacement archive, was... defaced yesterday.
"Around 15:44 the database for the News section had a new topic, simply stating that "Alldas.de got cracked". After ~1 min. the database was cleaned and nothing else on the page was affected. How could this have happened?," The site said on its news page.
Alldas figured out what the intruder had done by poring over the log files - its analysis was confirmed by the cracker, who emailed: "I had no intention to clear your database or to root your server. No attempt
to do this has been made." Alldas says its log files show different.
The cracker suckered Alldas' scripts to mirror another Web site. This site "was used to execute commands on the server (as an unprivileged user)".
No higher access levels were reached - the cracker was unable to read mail or to download or install bindshells.
"The actual penetration wasn't really big, though it is kinda embarrassing to get 'defaced' as a defacement mirror," Fredrik of Alldas said on the site. "We regret it that the attacker didn't inform us about the bug and choose to deface the site with all the consequences that go hand in hand with it." ®
Enabling The Agile Data Center
Analyst Keynote: The Register Agile Data Center Summit
Analyst Keynote: The Register Agile Data Center Summit
Dirty, dirty PCs: The X-rated picture guide
Top 500 supers - rise of the Linux quad-cores
Early adopters bloodied by Ubuntu's Karmic Koala
Sign up, sign up for The Register IT security newsletter