Forgot your password?
typodupeerror
Security

July 6th - Website Defacement Day? 483

Posted by simoniker
from the season-of-mass-stupidity dept.
pabl0 writes "According to an article from SFGate.com (San Francisco Chronicle), a challenge has been posted, inviting web-site defacers to alter the content of as many web sites as possible on July 6th, with an apparent limit of 6,000 websites per contestant. Looks like this would be a good time to make sure all those web-server security patches are applied!"
This discussion has been archived. No new comments can be posted.

July 6th - Website Defacement Day?

Comments Filter:
  • If /.'ed (Score:2, Redundant)

    by Bitwick (618204) *
    Alternate Link for Article: http://www.msnbc.com/news/934055.asp?vts=070220031 125
  • frosty piss (Score:3, Insightful)

    by Anonymous Coward on Wednesday July 02, 2003 @06:43PM (#6354004)
    Yes, let's put this article on Slashdot, so a few million would be hackers can go ahead and deface a couple of hundred websites apiece.

    What the hell is wrong with you? This kind of coverage only causes trouble.

    Hacking into servers and defacing websites is illegal, whether you like it or not. Doing things like this costs PEOPLE money.

    And don't argue back with that "well Microsoft deserves to be defaced" bullshit argument, or anything of the sort. They don't deserve it anymore than you do.

    Now watch me get modded down by all the haxx0r n00bz0rz with mod points.
    • by polished look 2 (662705) on Wednesday July 02, 2003 @06:45PM (#6354027) Journal

      Slashdot has little to do with the defacement. Slashdot is simply reporting this.

    • Re:frosty piss (Score:5, Insightful)

      by wiggys (621350) on Wednesday July 02, 2003 @06:47PM (#6354048)
      On the other hand you could argue that by posting this on Slashdot it will receive huge worldwide attention, and as the article suggested now would be a great time to patch your web server.

      It's a bit like Mischief Night in the UK - I don't like it, but I don't bury my head in the sand and pretend people will forget about it. Instead I take precautions - move the car out of the way, make sure my windows and doors are locked and keep the cats in. It doesn't hurt to have a security test now and then.

    • Re:frosty piss (Score:3, Informative)

      by squiggleslash (241428)
      Personally, as someone who maintains a fairly substantial web project for his employer and whose system administrators are abnormally overworked at the moment, I'd like to know something like this is about to happen so I can keep an eye out that day just in case there's something we've missed.

      If there's a large amount of cr/hacking going on, I'd like to know ahead of time so I can make preparations.

    • Re:frosty piss (Score:3, Insightful)

      by PaulK (85154)
      So what exactly are you advocating here?

      Censorship?

      Or, could it be, that you are assuming that /.'ers are no more than script kiddies?

      Personally, I appreciate this information. I can now ensure that my networks are fully prepared, and monitored during the event.

      I'd rather view this as a PSA.

      I'd bet that any cracker that intends to participate, already knows about this.

    • Re:frosty piss (Score:4, Insightful)

      by HexRei (515117) on Wednesday July 02, 2003 @07:12PM (#6354263)
      Bullshit. If anything, this will SAVE companies money in the long run. You think its BETTER for a web server to sit there with unpatched security exploits, waiting for a truly malicious hacker to do something nasty to the server like zombify it, than for some joker to deface it, and in doing so alert the administrators to the presence of the hole (hopefully closing it?
      Any company should be able to swiftly and easily restore their site from backups. If they don't have backups, they are STUPID and DESERVE what they get.
      It's technological darwinism, curtailing harmless hackers just helps loopholes survive for malicious hackers to exploit. Security flaws should be pointed out and if it takes a rude awakening like a website redesign, then so be it.
      Better than having your box end up participating in a worldwide DOS a year or two down the line.
      • Re:frosty piss (Score:5, Insightful)

        by jafiwam (310805) on Wednesday July 02, 2003 @10:37PM (#6355400) Homepage Journal
        Yeah?

        Well guess what. They put the thing out there before I was hired and put a bunch of twitchy-clueless web hosting customers on it.

        I got a new set of servers, got to design how it all works, all patched and good and ready to go. Know what I am waiting for? Server brackets. The boss's dad is makin em in his garage. Until then, I can't put the new ones up in the rack.

        Then I get to migrate all of them-there sites to the shiney new servers and answer stupid phone calls to explain how DNS works, and explain how their ISP proxy server is fucking broken.

        You think any of this is my choice? (Aside from the shiney new stuff.) Think anybody is going to stop and think "Gee, this might be patched tomorrow and it won't be a threat to anybody as a zombie then!" Nope. They won't think at all.

        Your justification for web site defacement sucks. You might as well ass-rape your sister cuz she's not wearing a chastity belt. If I run across your mom, you'd better hope I don't use the same logic you do.

        It's not Darwinism, it's vandalism.

        I agree that there are a lot of lousy sysadmins out there, causing lots of problems by letting their machines get hacked. But you should think about how you think things should go a little bit. Maybe it would be better if you concentrated on educating those around you how to set up a web site properly, hmm?

        (As for me, I hope the Spanish-speaking nitwits organizing this end up in Colombian-Federal-pound-you-in-the-ass Prison. They deserve it.)
    • Re:frosty piss (Score:3, Informative)

      by Traa (158207) *
      heh, and here I thought that posting a link to a 'news' article about 'stuff' that 'nerds' do was rather exactly what slashdot was all about.

      Slashdot doesn't set a moral standard. The posters/moderators/community does.

      Slashdot provides room for debates about these sort of articles. Feel free to debate the moral soundness of the topic of the article if you feel that inclination. Hint's like 'defacing websites is illegal' are probably a good thing for those readers that hadn't picked up on that fact yet tho
    • Re:frosty piss (Score:5, Insightful)

      by Proudrooster (580120) on Wednesday July 02, 2003 @08:20PM (#6354700) Homepage
      This is the exact correct place to put it. Thousands of SysAdmins read Slashdot and now know that they had double check their security or risk embarassment on July 6th.

      Also, I have heard rumblings of yet another MS worm run scheduled to run rampant over the 4th of July holiday weekend. (Prepare for pager meltdown MS and network admins.)

      I totally appreciate the heads up. In fact I did an external port scan of my Class B today and found out that the firewall monkeys had opened incoming ftp from anywhere to key servers. If it wasn't for this new threat I probably wouldn't have bothered to rattle the door knobs before the holiday.

      I'd say that everyone has fair warning. Make sure your backups are up to date and that you don't have any easily hackable services exposed. Now the only question is, "Who will be embarrassed?"

      Remember folks, it's not just about defacing, it's about defacing creatively.
      ~ Ha]<0R D00D
  • by crazyhorse44 (242315) on Wednesday July 02, 2003 @06:43PM (#6354007)
    wonder how many millions Homeland Security is going to spend "preparing" America for this one.
    • by EdMack (626543) on Wednesday July 02, 2003 @06:49PM (#6354068) Homepage
      Em, if you RTFA, you would see

      "Frankly, hacker challenges occur frequently, and we don't think they all rise to the level of a warning," Homeland Security spokesman David Wray said.

      Yes this is /. but only flame the gov when you must.
      • Why do those sound like well prepared "last" words.. The next words out of his mouth will be "We were terribly unprepared for this act, and it shows us how simply unprepared the Internet infrastructure is for terrorists attacks"..

        That would, of course, be followed by hackers (real and wanna-be's alike) being arrested and thrown in prison on non-specific charges. As long as you throw in a "cyber-terrorism" somewhere in the charges, you can jail them indefinately.

        Good luck on the battle kids. Do
    • by Malfourmed (633699) on Wednesday July 02, 2003 @08:07PM (#6354634) Homepage
      wonder how many millions Homeland Security is going to spend "preparing" America for this one.

      Patch and cover! Patch and cover!!
  • I notice... (Score:5, Funny)

    by dex22 (239643) <plasticuserNO@SPAMgmail.com> on Wednesday July 02, 2003 @06:44PM (#6354016) Homepage
    I notice the 6th is a Sunday. It would have to be, so all the children can do it without missing school.
  • by ramzak2k (596734) * on Wednesday July 02, 2003 @06:45PM (#6354020)
    July 7th was announced as national handcluffing day when hordes of hackers would be paraded around the streets in major cities.
  • by LordoftheFrings (570171) <null AT fragfest DOT ca> on Wednesday July 02, 2003 @06:46PM (#6354032) Homepage
    This is just really awful. A huge call out for Script Kiddies of the world to unite. Terrible.

    *shakes head*

    *looks around*

    *starts researching latest exploits*

    *runs*
    • Re:Wrecklessness (Score:3, Insightful)

      by JWSmythe (446288) *
      We make fun of the script kiddies, but you're right, if there are perfectly good exploits out there and you aren't prepared, then you're just being stupid and egotistical. "They'll never get me." will suddenly become "damn, they got my site."

  • by $exyNerdie (683214) on Wednesday July 02, 2003 @06:46PM (#6354034) Homepage Journal
  • Well (Score:3, Interesting)

    by Anonymous Coward on Wednesday July 02, 2003 @06:46PM (#6354036)
    I will bring out my honeypot then!
  • Crossing the line? (Score:5, Insightful)

    by carl67lp (465321) on Wednesday July 02, 2003 @06:46PM (#6354039) Journal
    One is reminded of the perpetual debate in security: Whether to post an exploit to a group, in order for the vendor to have incentive to patch it, or wait and hope the vendor listens to you. There are excellent arguments on both sides.

    This seems to be little different than that example. The challenge is unethical, as far as I am concerned. July 6 is a Sunday, for one thing--in general businesses do not hold normal shifts on a weekend, so this is going to surely cause more grief than an attack on, say, a Tuesday. Moreover, if successful, this could seriously halt a lot of legitimate business, personal, and other transactions across the Internet.

    Is this a call to deface Web sites, or generally screw over sysadmins who oftentimes are paid beans to being with? Shameful.
    • by commodoresloat (172735) on Wednesday July 02, 2003 @07:18PM (#6354317)
      One is reminded of the perpetual debate in security: Whether to post an exploit to a group, in order for the vendor to have incentive to patch it, or wait and hope the vendor listens to you. There are excellent arguments on both sides.

      No there aren't. There is no reasonable argument for not bringing the exploit to the vendor's attention first. There is meaningful debate over the question of what to do if the vendor chooses to ignore you or bully you, but I really don't see a good argument for alerting the world before alerting the vendor.

  • A Haiku (Score:5, Funny)

    by blackmonday (607916) on Wednesday July 02, 2003 @06:47PM (#6354047) Homepage

    Page deface!
    Challenge - July 6
    Please stay away

    • another =) (Score:3, Funny)

      by Andorion (526481)
      Website defacement -
      Illegal and damaging.
      Still beats going to church.

      ~Berj
    • Re:A Haiku (Score:5, Funny)

      by Tackhead (54550) on Wednesday July 02, 2003 @06:58PM (#6354158)
      > Page deface!
      > Challenge - July 6
      > Please stay away

      Traditionally, the Haiku form must not only follows the 5-7-5 syllable progression, but it must also evoke a pastoral, reflective feeling in the reader upon contemplating the seas[|~||{{[{
      WE 0WN ALL J00R B4S3
      TEH INTERWEB IS ALL MINE
      FUCK J00 1TS SUMMER!

  • by neslon (74111) on Wednesday July 02, 2003 @06:47PM (#6354052) Homepage
    From the AP article:

    "The purported "prize" for participating hackers was 500-megabytes of online
    storage space, which made little sense to computer experts. They said
    hackers capable of breaking into thousands of computers could easily steal
    that amount of storage on corporate networks."
  • by Nom du Keyboard (633989) on Wednesday July 02, 2003 @06:47PM (#6354057)
    This is a totally dumb idea, and I hope the FBI tracing bots are ready to track them all down and arrest them soon afterwards.

    Given that you're going to do it anyway, why not start with the RIAA, MPAA, and SCO sites. After that, any spammers anyone happens to know.

  • I would think that the kiddies that deface web sites do it every Sunday anyhow, so I fail to see why this should have any impact.
    It's not like people are going to say "gee, I never thought of that! Let's deface web sites on this particular sunday, although we never would do it otherwise!"

    But I'm sure that some people find a way to make money (or pork) from this "announcement". *sigh*

    Regards,
    --
    *Art
  • whu? (Score:5, Funny)

    by deadsaijinx* (637410) <animemeken@hotmail.com> on Wednesday July 02, 2003 @06:49PM (#6354077) Homepage
    The purported "prize" for participating hackers was 500-megabytes of online storage space

    WOOHOO! After all that hacking into thousands of web-sites with who knows how many terabytes of storage, I can now get almost a FULL CD of free web-storage!!!! WOOHOO!!!

    Wait, can I still use that in prison?
  • by myov (177946) on Wednesday July 02, 2003 @06:50PM (#6354081)
    It's just a massive slashdotting!

    (someone had to say it)
  • by mortonda (5175) on Wednesday July 02, 2003 @06:51PM (#6354091)
    Once again the desire to moderate a story flares up.


    Please don't feed the trolls.

  • Now I understand ... (Score:3, Interesting)

    by chloroquine (642737) on Wednesday July 02, 2003 @06:52PM (#6354099) Journal
    Our IT department just sent out a notice to the institute about security over the holiday weekend. I'd love to see our website hacked. It is one of those no useful content sites with lots of tasteful colours and pictures.
    But don't quote me on that.

    "The holiday weekend affords us an opportunity to get away from our workplace, relax and enjoy the summer weather. However, not everyone will be outside in the sunshine. Hackers will be in front of their computer screens trying to get into all of those computers"

    I think the thing that pisses me off the most is that they assume that everyone gets to take the holiday weekend. I'm a grad student, I'll be inside working. They're such insensitive jerks sometimes.

    • by freeweed (309734) on Wednesday July 02, 2003 @08:10PM (#6354647)
      on Wednesday July 02, @05:52PM, chloroquine said:

      Our IT department just sent out a notice to the institute about security over the holiday weekend. I'd love to see our website hacked. It is one of those no useful content sites with lots of tasteful colours and pictures.

      But don't quote me on that.

      Aw, fuck...
  • Welcome to the 5 oclock news, today is July 7, 2003. This morning, an estimated 9,000 teenage boys were arrested as part of a massive sting to capture the perpetrators of yesterday's massive computer related attack. Investigators have confiscated a record number of computers related to this attack.
  • new plan (Score:2, Redundant)

    by b17bmbr (608864)
    1. announce web defacement day
    2. ???
    3. profit
  • by donutz (195717) on Wednesday July 02, 2003 @06:54PM (#6354124) Homepage Journal
    New York officials urged companies to change default computer passwords, begin monitoring Web site activities more aggressively, remove unnecessary functions from server computers and apply the latest software repairs from vendors such as Microsoft Corp.

    Well it took some doing, but I managed to get that latest Microsoft service pack installed on my web server. It said that it fixed a lot of issues, so I felt it was worth it, even though I run a Slackware 9.0 Linux server. Here's to hoping it reboots alright!
  • by RobertTaylor (444958) <roberttaylor1234@gmail. c o m> on Wednesday July 02, 2003 @06:56PM (#6354140) Homepage Journal
    Registrant:
    of, Day (TPEEWXQFBD)
    11 Albert Rd
    AMITYVILLE, NY 11701
    US


    Does that place exist? If so *deface that* ;)

    I doubt it will be a real address though, however the idiocy of some people does often suprise me!
  • =( Blah (Score:2, Insightful)

    Flame on, but, I don't think /. should be reporting this kind of story. Aside from all of us story loving, comment posting maniacs, /. does get viewed by our script kiddie "friends." There have been challenges before (as mentioned), this isn't anything new, most of which [however] have not had enough media attention to bother with. Remember the "April Fools Defacement Day" one that a few newspapers picked up on, last April? This is exactly the same thing. The more fuel we give the kiddies, the bigge
  • sad (Score:2, Insightful)

    by DNS-and-BIND (461968)
    It's a sad day when replacing index.html is regarded as "hacking". The entire idea that only web servers are worthy of hacking just shows journalistic ignorance worthy of the New York Times.
  • Eh... I think this deserves coverage on Slashdot because it's interesting to people, but I suppose it's also sort of increasing the number of participants in this. Oh well, if you're running IIS without patches you kind of deserve it. =P
  • If you think you can take a break from kissing your mother! You can find me at: www.microsoft.com

    Disclaimer: Message meant purely in jest, I know you were just seeing if the chocolate pie was really as good as she said it was.
  • Hmmm - defacers-challenge.com is not in the dns anymore.

    Could it be someone pulled the plug on our erstwhile dare-devil? Or, was he just slashdotted off the face of the planet?

    Enquiring minds want to know...
  • Is it just me... (Score:3, Insightful)

    by El (94934) on Wednesday July 02, 2003 @07:07PM (#6354230)
    or does anyone else think that the Feds are behind this challenge, as part of a massive sting operation?
  • by KFury (19522) * on Wednesday July 02, 2003 @07:13PM (#6354274) Homepage
    Gee, I'd never have known about this small-time hacker stunt if /. hadn't brought it to the attention of millions. Talk about using your powers for mayhem, /. ...
  • by madmarcel (610409) on Wednesday July 02, 2003 @07:19PM (#6354323)
    Hmmm...july 3rd...counting down...

    But...let's look on the positive side:
    Let's say thousands of websites DO get de-faced (w00t - how very unlikely ;)

    A) Thousands of extra hours of work created to clean up the mess. (or not - y'all make backups right ;) Those are surely bill-able hours right?
    And it's on the weekend, wahey! Double rates!

    B) All the administrators of web-servers that WERE defaced will HAVE to examine the security of their web-servers. Improvements will HAVE to be made. If 'thousands' of web-servers are forced to improve their security...is that a bad thing?

    C) Perhaps a lot of administrators (and PHB's) will notice that the most commonly defaced web-servers were (or are likely to be) those that run M$ software of some sort. Would that make them more likely to switch to OTHER software?

    D) Hundreds of lamo script-kiddies prosecuted, jailed and/or permanently disallowed from using the internet. Excellent. Perhaps /.'s troll ratio will drop, and IRC will become a pleasant experience....NOT! :^D
    • by Phroggy (441) * <slashdot3 AT phroggy DOT com> on Wednesday July 02, 2003 @11:44PM (#6355682) Homepage
      Those are surely bill-able hours right?
      And it's on the weekend, wahey! Double rates!


      I think you're assuming quite a bit about the current economy and job market. You actually think companies are paying overtime for this sort of thing anymore?

      All the administrators of web-servers that WERE defaced will HAVE to examine the security of their web-servers. Improvements will HAVE to be made.

      I think you're assuming quite a bit about PHBs and beancounters. Why go to all that trouble, really? It's going to cost how much? Can you explain again why this is important? Can't you just restore the site from backup? We have a firewall, and it was bloody expensive; we shouldn't need to do all that other work you're talking about, especially if you want to get paid overtime for it.

      Perhaps a lot of administrators (and PHB's) will notice that the most commonly defaced web-servers were (or are likely to be) those that run M$ software of some sort.

      Or perhaps they'll be Linux boxes running Apache with buggy PHP scripts. Windows Server 2003 to the rescue!

      Perhaps /.'s troll ratio will drop, and IRC will become a pleasant experience....NOT! :^D

      Yeah, not. Slashdot trolls don't know how to hack web sites. They only wish they were that l33t.
  • by Soporific (595477) on Wednesday July 02, 2003 @07:51PM (#6354553)
    Coincidence? I think not!

    ~S
  • by phorm (591458) on Wednesday July 02, 2003 @07:57PM (#6354590) Journal
    About 2 weeks ago I was running RedHat. I would have been running around frantically trying to track down any patches I might have missed, version-checking my RPM's...etc etc.

    Once I read this I was like "crap crap crap, a whole lotta patching to do"
    Then I SSH'ed to my server...
    And remembered I was running debian...
    apt-get update && apt-get upgrade...

    I suddenly feel a lot better about the few hours it took me to make the switchover.

    If I were running an MS server I would probably have had a near heart-attack by now. I've never needed the
    "newest-most-spectacular-greatest-ever-superd uper-new-version" of any of my daemons, so there's no problem at all with Deb, despite the arguements of many.
    • by krray (605395) *
      > About 2 weeks ago I was running RedHat. I would have
      > been running around frantically trying to track down any
      > patches I might have missed, version-checking my
      > RPM's...etc etc.

      True, true, but to be fair -- for the small to medium sized business types (what I over see :) the use of Redhat's Network does offer a very decent and cost effective way to manage huge chunks of Linux box easily. $60/yr for personal type (basically ungroupable boxes) or $90/yr for the "Enterprise" (groupable) servers
  • by kstumpf (218897) on Wednesday July 02, 2003 @08:54PM (#6354906)
    Sometimes people have to be burned before they will respect fire extinguishers.

    Our main webserver got hacked just last weekend. It was a RedHat 7.2 that was up for about 450 days straight and was kept pretty well patched. Unfortunately, some custom Apache stuff kept us held back on patching httpd. I guess it really does only takes one weak link in the chain. Once they got in, they put in a rootkit called ZK and started setting up a hidden webserver where they were trying to sell web space on MY box. ;)

    Lucky for me, I had a couple of cron jobs in place that used a hidden copy of tripwire and chkrootkit to check for intrusion and shutdown the network interfaces after they mucked around with sshd and the known hosts file. A cheap trick, but it worked.

    I'm actually glad it happened. My boss and all of upper management are finally taking security seriously, and I'm milking it for all its worth. Its basically a blank check to lock down the fort. We've eliminated 75% of static NATs, shoved things off the LAN and onto the DMZ, closed dozens of ports, sprung for RHN subscriptions, eliminated several old NT4 servers, and generally did away with all the "convenient hacks" our engineers insisted on.
    • Okay, please explain a bunch of stuff to me.

      (1) What is wrong with NATs? For example, our ISP uses NAT to deliver service to our computers. Ideally, I'd also like them to IPTable ports 80,8000 on one website prefix (say, usr. instead of www.) to my computer. How does this compromise the system?

      (2) Which packages do you use to check for open ports? Which packages do you use to *eliminate* root kits? [Or do you just have to floppy-boot, know where to search, and delete/restore a file?]

      (3) What's a DMZ
  • by pabl0 (228298) * on Wednesday July 02, 2003 @08:55PM (#6354912)
    Hi all,

    After seeing this submission published, I noticed several folks who mentioned the very good point that by posting this, I may very well be drawing the attention to the contest that would make it a "success". I essentially responded to this via a newly posted article on my site, but thought it was worth posting here as well, so that hopefully my reasoning will make more sense. (Article Follows.)

    Thanks,
    Paul Robinson
    gotclue.net [gotclue.net]

    As Slashdot was kind enough to post, the San Francisco Chronicle has an article about a hacker or group of hackers that are calling for massive website defacements as part of a warped (and highly illegal) contest, to occur entirely on July 6th. I considered not submitting the story to avoid drawing attention to it. After all, this could end up being the next "Y2K" where everyone sits around waiting for the doomsday that doesn't occur. To those who don't think I should've posted the story, I apologize -- but suggest you read the rest of this article to understand my reasoning.

    It's entirely possible that very few, if any, websites will be defacde that day. It's even possible that more may happen now that warnings are on high-traffic sites such as Slashdot; call it a self-fulfilling prophecy.

    Slashdot's reader pool contains a great many folks who own web servers or are site administrators, such as myself. Certainly there are a few black hats in the crowd, but for the most part, the audience is people in the trenches of the technology industry. I can't think of a better place to reach the people who's pagers would actually be ringing or vibrating on Sunday if/when defacements occur.

    Also, the story had already been picked up by mass media, such as the S.F. Chronicle. Since it was already being published to the general population, I feel that more good than harm would come from highlighting the issue in the technical community.

    My apologies to the others who rely on web/e-mail services from gotclue.net, as I've probably made this server a more likely target by drawing attention to the issue. I'll be reviewing patches and packages over the next few days and making some fresh backups, just in case. If I can have my cell phone ring on Sunday but, by doing so, keep a thousand other cell-phones from ringing for the same reason, so be it.

  • by austad (22163) on Wednesday July 02, 2003 @10:55PM (#6355486) Homepage
    "The FBI is taking this very seriously," FBI spokesman Bill Murray said. "Hacking is a crime and those who participate in this activity will be investigated and brought to justice."

    Bill then claimed that July 6th would never arrive for him as he is forever stuck on Groundhog Day. He then shot himself in front of reporters.
  • Back up your site (Score:4, Interesting)

    by mpost4 (115369) * on Wednesday July 02, 2003 @10:57PM (#6355498) Homepage Journal
    I don't have my own hosting, I just use the space verizon gives me, but I am not all that confident in the security that they provide, so I just make sure I have an up to date back of my web site, so if it is defaced I can put it back up.

Whoever dies with the most toys wins.

Working...