Alldas defaced!
PrintOccupational Hazard
Posted in Music and Media, 27th June 2001 08:48 GMT
Free whitepaper – PowerEdge M610-M710 spec sheet
Alldas.de, the defacement archive, was... defaced yesterday.
"Around 15:44 the database for the News section had a new topic, simply stating that "Alldas.de got cracked". After ~1 min. the database was cleaned and nothing else on the page was affected. How could this have happened?," The site said on its news page.
Alldas figured out what the intruder had done by poring over the log files - its analysis was confirmed by the cracker, who emailed: "I had no intention to clear your database or to root your server. No attempt
to do this has been made." Alldas says its log files show different.
The cracker suckered Alldas' scripts to mirror another Web site. This site "was used to execute commands on the server (as an unprivileged user)".
No higher access levels were reached - the cracker was unable to read mail or to download or install bindshells.
"The actual penetration wasn't really big, though it is kinda embarrassing to get 'defaced' as a defacement mirror," Fredrik of Alldas said on the site. "We regret it that the attacker didn't inform us about the bug and choose to deface the site with all the consequences that go hand in hand with it." ®
Free whitepaper – Avoiding costs from oversizing data center and network room infrastructure
Analyst Keynote: The Register Agile Data Center Summit
What Exchange can't do - and Dell can
Enabling The Agile Data Center
Analyst Keynote: The Register Agile Data Center Summit
Google Spanner — instamatic redundancy for 10 million servers?
Early adopters bloodied by Ubuntu's Karmic Koala
Fedora 12 polishes Linux for netbooks
Sign up, sign up for The Register IT security newsletter