Skip to comments.Somebody from the left has hacked CYNDISLIST.COM
Posted on 02/03/2005 9:44:30 PM PST by FUMETTI
Hey genealogy lovers:
The far left foreign loonies with a bad translator have hacked a non-political site, CYNDISLIST.COM...a genealogy site.
What is this world coming to when a site for genealogy lovers needs to be defaced?
This is the real imagen of the society
This is my protest, this is my scream...you cannot close your eyes.The world have big problems and you wanna be more one?
This hacker or hackers are just pathetic
It is actually hilarious how bad this punk hacker's English skills are, or he/she needs a better translator than bablefish.com
Sounds like one of the South Korean farmers on Lineage II got bored.
Boy this is going to be a weird night!
I second that hunch! ;-)
"ALL YOUR FAMILY TREES ARE BELONG TO US!!!"
Maybe the hackers thought Cynidislist.com was the VRWC's version of the Left's Emily's List.
If you click the image on the defaced web page, it links to a site in Brazil.
I wonder what that site is, when translated. This is getting more bizarre by the second!
Cyndislist is an old timer of a site, remarkably useful and used, and genealogy is one of the best reasons ever to even have the internet (besides FreeRepublic, email, and porno). I'm sure that was all part of Al Gore's plan when he invented it. ;')
I not sure if Babelfish does Portuguese-to-English.
< font color="#FFFFFF" face="Arial
Black" >This is the real imagen of the society < /font >< /p > < p align="center" >This is my protest, this is my scream...you cannot close your eyes.The world have big problems and you wanna be more one?< /p >
< /body >
< /html >
With the exception of the "Main Index" link, all the other links appear to be in good working order.
These hackers have been busy.
200 SA sites defaced
BY DAMIAN CLARKSON, ITWEB JUNIOR JOURNALIST
[Johannesburg, 31 January 2005] - A group of hackers has compromised nearly 400 sites, half of which were local.
The sites were hacked either late last night or sometime this morning by the Infektion Group, says Dino Covotsos, owner of local security company Telspace. In total, there were 397 defaced, of which around 200 were on a local server and had South African domains.
The compromised sites feature a picture of a young child and the message: This is the real imagen of the society. Greetz: Augusto( É nois aqui de novo ), Naiana, Podres and all the peaple that I Know.
The tysica.co.za site is one of around 200 local sites to be defaced by the Infektion Group hackers.
A recent check showed most sites still appear to be compromised.
It is highly unlikely the server was specifically targeted, but rather that the server was vulnerable during a mass scan, says Covotsos. I don't think that the ISP was deliberately targeted, as many other servers were hacked in a mass defacement effort.
The Infektion Group hackers have carried out a number of attacks in the past. According to the Zone-h Web site, the group has carried out 20 581 attacks, of which 2 235 are single IP, and 18 346 mass defacements.
The group, which comes from Brazil, has in the past posted political messages and is fairly well known, says Covotsos. They are not shy to leave their details. They know what they are doing and are very quick.
Some newbies would post a Vanity, non-news story or post a story already in discussion as a brand new thread. I'm very impressed. You must have read all the hints, guidelines, etc.
BTW, I'm a newbie myself compared to the many thousands of other FReepers.
Thanks .. I just Google'd "Infektion Group" and got lots of hits telling me there were other sites hacked in addition to Cyndislist.com. It seems the hackers have been quite busy lately posting that same message and picture on a number of sites.
If I remember correctly, they're from Brazil.
This is a much appreciated response from last week when I was accused of being a troll.
Here's an interesting message they left at this site:
(the "F" word edited with "*" for purposes of posting to forum)
Join against them before it if joins against you
greetz: Infektion Group members, Innocent boys, siemens, my real friends and all the peaple that help us.
And a big Fu*k to : all the peaple that hate us, USA and your government imperialist,
all the Neonazists, Bush, Tony Blair ( the dog of Bush ), coca-cola.
Here's one more of interest that appeared after Bush was reelected.
East Kingdom web site defaced by protest group
Submitted by Justin on Thu, 2004/11/11 - 16:20. East | Modern Society | SCAtoday.net
Political protesters temporarily defaced the home page of the SCA's East Kingdom earlier today, replacing it with a page of their own creation.
A group of self-proclaimed "cyberterrorists" calling themselves the "Infektion Group" [sic] replaced the home pages of over 100 sites on the same server as the East Kingdom site with their own page protesting the U.S. election results. The defaced page read:
Infektion Group Owned You
The war of the lier Bush feeds the hate
each day grows more and more!
Below the text was a photographic image of the Brazilian flag. The word "owned" is a term used in hacker and cracker circles to indicate that a site's security has been compromised. Misspelled words, such as "liar" and "infection" in the above, are often intentionally part of so-called "hacker-speak" or "L337-speak" (pronounced elite-speak), a way to present an edgy image. The misspellings may also be due to the page having been created, apparently, by Brazilians, whose native language would most likely be Portuguese.
The click21.com.br domain belongs to a Brazilian company located in Rio de Janeiro, though of course there is no proof that the company knew anything about the attack, since anyone could have put that email address into a web page.
Robin Gallowglass, the East Kingdom Web Minister, says the attackers struck at about 12:53 a.m. US Eastern time, and that he first learned of the attack at about 8:00 a.m. "I was able," he says, "along with my fellow system administrators, to identify the vulnerability that was exploited and plug the hole. The defaced index pages were replaced from backups by approximately 9:30 a.m." Gallowglass says extensive backup precautions saved the day, and that he has an automated backup process that makes archival copies of the web page multiple times per day.
Gallowglass says that an unfortunate default setting in the security of the PHP web programming language was to blame. The PHP software itself had not failed, but the incorrect setting "allowed a file name for a included file to be either a path to a file on the local file system or a remote URL. This allowed the attackers to inject malicious PHP code that allowed them access to all the websites on the server." This sort of remote scripting exploit can happen in many web programming languages, and has been reported in numerous cases for both Linux and Microsoft web servers. In the case of this particular server, it was a Linux machine that was affected. The equivalent Microsoft technology, Active Server Pages (ASP), has been subject to the same kind of error in the past.
Gallowglass says that the server admistrators are careful about security, and blames poor documentation for the fact that this vulnerability "was missed in our periodic security audits." The vulnerable default setting has been changed, and Gallowglass and his colleagues took advantage of the server downtime to upgrade the Apache web server and the PHP programming language to their most recent security patch levels.
Computer security experts say that security is never perfect, in spite of a system owner's best efforts, and that off-site backups of important data are an essential part of site management because these are isolated geographically from the compromised system. In this incident, those off-site backups allowed fast recovery.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.