Turkish hackers go on defacement rampage

Summary: Turkish hackers go on defacement rampage by hacking 38,000 sites in a single shot using automated hacking tools.

Two Sony websites were hacked yesterday by a Turkish hacker (thanks to Roberto Preatoni of Zone-H.org for the heads-up and explanation). The two site URLs are:

As of 12:30 AM Pacific Standard Time on the USA west coast, the handiwork is still there for all to see. The very same hacker hit Sony Music in Europe 9 days ago. Fortunately for Sony, these kinds of hacks are more of a statement than malicious activity, but they are usually a lot more damaging as far as public relations is concerned. Many companies would actually rather have something stolen than appear on Zone-H.org. A lot of companies get posted on Zone-H.org and beg the site to take them off, claiming it was a mistake, but everything has been programmatically verified and it's almost never a mistake.

Less than two weeks ago, another Turkish hacker hacked a record 38,000 websites in one shot, using automated tools to attack sloppy ASP coding. According to Zone-H.org statistics, which show that the platform doesn't matter but the implementation does, file inclusion (typically sloppy ASP or PHP coding) is the most likely way to get hacked.

Talkback

15 comments
  • What would be a resolution

    Asking Coders not to be sloppy with Code is like asking Windows to reduce their memory requirements on their next release. Not very likely to happen.

    However, how else are we supposed to draw easily changeable data into an application without file inclusion? The only other solution would be to use a database tied to the back end. For just a few variables, that seems like overkill. Of course there is the option to hard code all the information into the scripts. That would be horrible to update every time.
    nucrash
    • Nah, just catching up with Desktop Linux

      "like asking Windows to reduce their memory requirements on their next release"

      Nah, just catching up with Desktop Linux though it still boots in about 40 seconds instead of 100+ for Desktop Linux. A lot of that memory needed for Vista goes to SuperFetch which speeds up operations.

      "However, how else are we supposed to draw easily changeable data into an application without file inclusion"

      I guess there is a right way and wrong way to do this. The wrong way gets you defaced and that can sometimes put you out of business depending on the business you're in.
      georgeou
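As an added example (not code from the article or from any commenter) of the "right way and wrong way" georgeou refers to, and of how to pull changeable data in without handing a path to include(): the first function is the sloppy file-inclusion pattern the article blames, the rest is the hardened form. The page file names and the settings.ini path are assumed.

```php
<?php
// Sloppy pattern: a request parameter is concatenated straight into include().
// Whatever the caller names (a traversal path, or a URL when allow_url_include
// is on) is read and executed by the server; this is the "file inclusion" the
// article describes.
function includePageUnsafe(string $page): void
{
    include 'pages/' . $page . '.php';   // path is controlled by the request
}

// Hardened pattern: the request parameter is only ever a key into a fixed
// allowlist kept in code. The file path itself never comes from input.
const PAGES = [
    'home'    => 'pages/home.php',      // assumed file names
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

function resolvePage(string $page): ?string
{
    return PAGES[$page] ?? null;         // unknown key -> null, never a path
}

function includePageSafe(string $page): void
{
    $file = resolvePage($page);
    if ($file === null) {
        http_response_code(404);         // reject rather than guess
        return;
    }
    include $file;
}

// Changeable data (nucrash's question): keep it in a file whose path is fixed
// in code and parse it as data, so it is never include()d or eval()ed.
function loadSettings(string $dir): array
{
    $settings = parse_ini_file($dir . '/settings.ini', false, INI_SCANNER_TYPED);
    return $settings === false ? [] : $settings;
}

includePageSafe($_GET['page'] ?? 'home');
```

Editing settings.ini changes behaviour without touching the scripts, and a bad "page" value produces a 404 instead of an include of an attacker-chosen file.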
  • well...

    sony had it coming
    Scott W
  • If this was in the form of a question,

    You gave the answer. Sloppy coding. A bank can be robed with a cell phone.

    It's the good bad and ugly thing. One thing I can't stand is loosing my freedoms because people do crime! We should not have to pay the price for the crimes others do. But it always seems we do.

    History tells us there is no way to set an example. After all public executions were ment to do just that.

    There are bad people out there, secure your code. Open source is a good example. Here is the source let the world debug it! More of us should look at the history of braking code. Humans aren't as smart as they think they are. Not me, I try to use less ego and pride and understand that I am not so smart and need someone to proof read me.

    Live and learn.. or do we?
    xstep
    • Many eyes doesn't work the way you think

      "Open source is a good example. Here is the source let the world debug it!"

      If "many eyes" worked the way you think, Linux and Apache wouldn't have been hacked more than the Windows based systems in that 2005 Zone-H report.

      Read what an Open Source expert who wrote DCC had to say about "many eyes".
      http://groups.google.com/group/news.admin.net-abuse.email/browse_thread/thread/6c5036983a38c83a/106cb8a0b91d28fa?lnk=st&q=vernon+DCC+%22many+eyes%22&rnum=1&hl=en#106cb8a0b91d28fa

      And yes, you have to manually merge the link and take out the spaces that were injected.
      georgeou
      • Agree but..

        We are talking about Apache and more to the point web servers and file/directory permissions. A web server is for the most part, designed for public access.

        Even better, not so much more "eyes" as the right eyes. So what about overall? Seems there are fewer holes overall in open source and much faster fixes. Look at OpenBSD. These guys audit for a different reason than sales. The achievement is based on something more personal, right?

        And really we are talking about ASP and PHP in this case right? A furball is a furball. The object is less lines to get the same function.

        Lastly, I think sloppy coding comes from the free-for-all, do-as-you-like intentions. I can't expect web page designers to understand and respect file permissions. After all, you're given a directory on a web server; what you do with that space is not the fault of the web server. It is not up to the system admin to fix your mistakes, is it?

        Now I saw nothing that stated it was Apache, a hole in the web server code (DoS, buffer, etc.). You tell me? What was it? ASP? PHP? The Apache web server? IIS? Monkey?..lol

        What's better than more eyes? Debug software and audit software. But you need all the source. And sure, the example here is if you don't, the bad guy will. Right?
        xstep
        • I suspect that it's...

          RE: Now I saw nothing that stated it was Apache, a hole in the web server code (DoS, buffer, etc.). You tell me? What was it? ASP? PHP? The Apache web server? IIS? Monkey?

          Some form of UNIX running Apache. The majority of PHP code is run on this combination.

          And these are good questions. Though I have to wonder why they're never applied when a Windows hosted site is hacked.
          ye
          • Windows hosted site hacked

            SecurityFocus reports 38,500 in less than a day, getting this report from Zone-H. It goes on to report that the vandal specializes in defacing Windows-based web servers.
            05/19
            http://www.securityfocus.com/brief/212?ref=rss
            xstep
          • It wasn't a Windows or IIS vulnerability though

            Nice try, but it appears they were all hacked via a common ASP form mailer script that was installed on all of the servers.

            http://www.stokia.com/news/iskorpitx-iis-ssfm-hack-info.htm
            toadlife
          • It was GoDaddy's fault. They actually blamed IIS

            IIS 6.0 has NEVER had any serious or even moderately serious flaw since its inception in 2003. GoDaddy has the nerve to say "The ssfm hack is not something we can really defend against. It is a vulnerability in the Microsoft IIS webserving system. As Microsoft uses closed source software, we are dependent on them for a fix to this issue. They have not, as of yet, issued a patch for this vulnerability. Rest assured that your passwords have not been compromised. The attacker does not need these to insert his file into the account as it is done through a hole in the IIS system (and this is the only directory that they would have access to)."

            This is linked in the middle of the URL you posted under "google cache result".
            georgeou
          • Yeah, I saw that quote

            Pretty pathetic if you ask me. Looks like they might have a few Open Source "advocates" working for them.
            toadlife
    • need someone to "proof read".....

      When you say "braking code" are you referring to the standards used by the US Auto industry pertaining to the way cars stop? As far as loosing my freedoms, I like to loose my freedoms as often as possible. However, losing my freedoms is a major bummer. Actually, public executions did set a pretty effective example. The problem is that we stopped using them. I don't know how dangerous it is for a bank to be "robed" with a cell phone or any other device but for a bank to be robbed is a bad thing. Imagine trying to get the teller to give you the money; "I have a cell phone and I'm not afraid to use it!" It's interesting that your next to last statement was about how you needed to be "proof read", You do realize it's one word don't you? To make matters worse, your usage of the most abused punctuation mark in the English Language, the comma, is certainly not good, but, it is bad, and ugly. I'm not trying to bust your chops but rather elaborate on your point. In your one short paragraph there are at least 9 errors. I have no idea how many I made other than the deliberate comma abuses. Imagine how many errors can crop up if you (or anyone other "human" for that matter) code your own pages.
      burleydad
  • Punishment

    As I have said before, hang the bastards.
    2 or 3 public hangings will make them think about what they are doing.
    They are not driven by religion, they are just malicious punks.
    TN-Limey
  • RE: Turkish hackers go on defacement rampage

    My company was one of the sites that got hacked. I want to know what sloppy ASP code needs to be fixed.
    lightningcpu@...
  • RE: Turkish hackers go on defacement rampage

    I mistakenly typed supportveterans.com instead of supportveterans.org. I wanted to donate to the Paralyzed Veterans of Amer. Instead I got the Turkish hacker!
    maggielaurie