| View previous topic :: View next topic |
| Author |
Message |
infosys
Site Admin
Joined: 12 Dec 2002
Posts: 1461
|
 Posted: Thu May 13, 2010 9:54 am Post subject: Web Site Hosting Servers hacked to launch attacks. LMAO |
 |
|
Well.. time to shine up my MENSA (c) hat and take a bow for yet another cyber pronouncement that history has yet again proven to be true...
Back in March 2009, I wrote a rant about the slaphazard operation of web sites and hosting companies that made them ideal as launch pads for hackers to zombie and use for a variety of purposes. At that time, I was writing about observations I had made over the PREVIOUS SIX MONTH PERIOD... so that puts the start of this trend all the way back to the middle of 2008.
So.... as of May 2010... folks are starting to finally read headlines exclaiming "... Servers hacked to launch more powerful DDoS attacks.. ".
No kidding Einsteins... So if this was so obvious to everyone, why was all the main stream media and pundits silent on this topic over the past couple of years. Was everyone silent out of ignorance or was it a failed effort by the security scene to keep this under wraps ( obscurity ) ?
Here is the gist of the story that is starting to make headlines in most of the mainstream web ( and possibly print ) media :
| Quote: |
Servers hacked to launch more powerful DDoS attacks
Researchers at security firm Imperva have discovered a botnet consisting of web servers, rather that individual PCs, that is being used to launch more devastating denial-of-service (DDoS) attacks.
An attacker by the name of “Exeman” has infected around 400 web servers with a simple 40-line PHP script, which includes a malicious application that can be used to launch DDoS attacks, Imperva CTO Amichai Shulman told SCMagazineUS.com on Wednesday.
The application provides a dashboard and control panel that can be used to input the URL of an intended target and configure the IP, port and duration of the attack, Shulman said. The attacker may have leveraged a common flaw, called a remote file inclusion vulnerability, to compromise the servers.
The infected servers have already been used to launch a DDoS attack against a Dutch internet service provider, Shulman said. In addition, the botnet may be rented out to other cybercriminals.
Traditional DDoS attacks utilize large numbers of compromised PCs to flood a target with traffic, he explained. Servers, on the other hand, are generally more difficult to compromise than PCs, but utilizing them to launch a DDoS attack could provide a multitude of advantages...
http://www.scmagazineus.com/servers-hacked-to-launch-more-powerful-ddos-attacks/article/170046/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineNews+%28SC+Magazine+News%29
|
Let us do a quick review of the relevant part of my March 2009 rant...
| Quote: |
Internet broken ? No its phucked up totally... sorry...
.... Bots. What can we say about them ? Well frankly at this moment I can not think of one single ISP / hosting provider that doesn't have a minimum of one Bot living, breathing and operating on an IP under their control. And sadly the outbound traffic originating from some hijacked web hosting servers is not being monitored or spotted or cleansed.
And if a Bot has a foothold on one hosting server... well you can be damn sure it is busily trying to compromise and hijack other sites or IPs within that ISP's control ( or else it is using the hijacked hosted site to launch similar expansion efforts on other ISP / web hosting servers).
I can not think of any hosting server in Germany, Russia, Korea or China that is not infested with resident Bots on their hosting servers.
Yet even a casual monitoring of outbound traffic from those hosting servers would tend to scream loudly to an attentive ISP that an anomaly exist that needs to be looked into. Yet this anomalous traffic is ignored or not being followed up on. So we have to wonder why.
Is the ISP / hosting company incompetent, overworked, understaffed, ill equipped, or just blindly stupid. What are they monitoring; the monthly fees being paid by their customers for their hosting services ?
The expansion and entrenchment of Bots over the past six months is not necessarily deserving of kudos to the Bot designers... it is a condemnation of the poorly run and poorly monitored 'hosting companies' that really have no business being in the hosting business. Although cleverly crafted, many of these Bots carry identifiable signatures, traits, patterns of activity and communication that makes them and their traffic easy to spot.
It seems that any half-wit can hang out a shingle offering web hosting services. Such poorly funded and supported operations provide fertile ground for the Bots to find holes with which to take up residence and launch searches or attacks against other similar poorly operated web hosting service providers/provisioners. The spillover of these 'search and attacks' by the Bots sooner then later spill over into cumulative attacks against good web hosting providers, wasting their bandwidth and resources.
Users on the web hosting companies are not faultless in this either, some are downright dangerously negligent or incompetent. They install programs on their 'web site' which they then forget about, fail to update, fail to remove when they are no longer 'webmasters' or they put programs on to their web sites that they downloaded from piracy sites in order to save the cost of the web site software. Nothing is free and these hapless wits don't realize their 'cracked' web site software has backdoors intentionally built in to them by the crackers.
And even when an 'ethical cracker' releases a 'cracked' version of a web site software without intentional backdoors, well... those web sites are frozen at that 'version' until an upgraded 'cracked' version comes along; all the while leaving that web site vulnerable to flaws that routinely come up in the genuine version releases.
It's like driving a stolen car that you took from the parking lot of a brake repair shop - the damn thing is dangerous to be driving around in... for the thief and for the innocent members of the public that it will eventually crash in to. What kind of moron would steal a car that needs to have its' brakes fixed ?
No wonder the bloody Bots are finding such fertile ground all across the Internet to hijack or compromise web sites...
http://www.infosyssec.com/forum/viewtopic.php?t=3175
|
You will no doubt be reading more about the extent of which web hosting providers have been compromised and are being zombied. Just remember where you heard it first - ALMOST TWO FRIGGIN YEARS AGO !
Here is a NEW revelation that ties in to all this nonsense. As you may be aware, Google and other major search engines ARE NOW using the 'speed at which a web site loads' to increase or decrease the web site's ranking in the search engines. Google wizards said " .. that we rank higher in the index a fast web site because studies have shown that people don't like slow web sites... ". Ok.. folks... can you connect the dots ? The zombied web hosting servers are being used to consume bandwidth and slowdown TARGETED WEB SITES. This in some vain hope by the Bot herders to lower the web ranking of web sites that they wish to silence or at least injure in the search results of the major search engines. This is a service that the Bot herders might be doing as a pay-for-service for competitor web sites... or it might be for their own benefit ( hurt the other persons site and raise the stature of their own sites ). The short hint I will give to all webmasters is to ask themselves... is the 'traffic arriving at their site and repeatedly loading their pages originating from 'real humans' or Bot powered traffic ? If you conclude that a majority of your 'visitors' are in fact Bot powered.. then possibly you are under a 'Guerilla Marketing Attack' courtesy of one of your competitor web sites ( or someone who just doesn't like you or what you web site does ). Well... I will bet you have never read that new trend of the Bot herders being mentioned anywhere else ? And before anyone says it... I will term this new enterprise of the Bot herders to be "Guerilla Marketing in Cyberspace". Trust me... once the pundits figure this one out....(one or two years from now ) it will be the next big thing making the headlines
And in case you want to read my last prediction/revelation which also will be making the news 'some time in the future when the pundits and experts finally figure it out'.. read my rant on CLOUD COMPUTING if you haven't done so already.
Cloud computing ...Beware, my friend. sh*t winds are a comin
http://www.infosyssec.com/forum/viewtopic.php?t=3190
SNP - Tomorrow's news today 
. |
|
|
| Back to top |
|
 |
Anonymous Defender
Grand Wizard of all beneath
Joined: 28 Jan 2003
Posts: 840
Location: Florida
|
| Posted: Mon May 17, 2010 8:52 am Post subject: Re: Web Site Hosting Servers hacked to launch attacks. LMAO |
|
|
| infosys wrote: |
SNP - Tomorrow's news today ;)
|
I LIKE IT!
lol |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB
© 2001, 2012 phpBB Group · SecurityForumX - Computer Network Virus Security
|
