Aces High Bulletin Board
General Forums => Aces High General Discussion => Topic started by: AKDejaVu on July 17, 2001, 01:54:00 PM
-
The Top 10 page will be taken off line tonight. It seems too many people would rather test the bounds of my server security than visit the pages.
I will be doing a complete cleaning of the hard drive and re-installation of the OS this weekend. The site will be shut down until then.
AKDejaVu
-
Though I never paid attention to the stats you provided, I realize that you did this for the community, and it saddens me to see someone had to take it to that degree...thks for the effort, Deja.
-
I concur with Ripsnort.
And after the exchange we had (AK and me) on the initial foray into doing this I'd like to apologize and say "Thanks!" for doing this.
Thanks AKDejaVu.
Westy
-
I personally looked forward to this after every tour.
Once again thanks for taking the time and posting the stats, I really enjoyed it! <S>
NUTTZ
-
Dang shame AKDejaVu, hope to see it back up soonest.
-
A shame deja. Thanks for the work. I too looked forward to seeing the stats as well.
-
Ditto Nutz ... but why would someone try to mess up ur web site? :confused:
-
Originally posted by SFRT - Frenchy:
Ditto Nutz ... but why would someone try to mess up ur web site? :confused:
Because every online sim has a very diverse community, from the occasional week-end hacker, to the Santas that sit at their monitors with nothing on but leather panties and a monocle on...
-
Well, I hope whoever it was (and we know you're reading, how else would you have known about the site in the first place) is pleased with themselves. You've ruined an enjoyable project for the community as a whole.
<S!> Deja, though a salute alone isn't enough for the work you've put into the project.
-
I agree with everyone else. Whoever messed up Deja's site - get a life. Do something positive for a change.
Deja, I'm sorry to hear about that, I really like the stats page (ok, so I'm a point monkey :) )
-
what a load of crap...........
Sorry to hear this DejaVu, you did good work and it's a shame that someone would do this ...........
good luck getting it straightened out ....... :(
-
Buttwipes... give us their IPs Deja - we'll make em pay!
A side thought, I wonder if HTC could host the pages?
[ 07-17-2001: Message edited by: Vulcan ]
-
HTC should host akdejavu's score pages
-
Blows! What asses people can be.
Zippatuh
-
The person who did this to DJ's hard work intensive site is the same guy who is screwing up the AH community and AH gameplay. It's basically the same thing: disrespect and uncaring. Letting us all down.
Sorry to hear the bad news DJ, we often argue on BBS, but I really love ur stat efforts and respect the time and care u put into it. I hope you can find a way around this and have fun putting ur pages up sometime in the future. <S> and hope it goes well for you in the end.
-
Wondered why I couldn't access the pages all of a sudden DJ... Is it the same guys that |-|4><0rd your site and put up that stupid Chinese |-|4><0r index.html on there?
-SW
-
Perhaps someone from the top ten list of Chute killers???
ATC
[ 07-17-2001: Message edited by: DamnedATC ]
-
If you know the IP address of whoever hacked you, speak to HTC because they have a list of everyone who posts on here's IP address.
-
There is an IIS worm going around and a few other common exploits that a group of Chinese hackers have been exploiting to do this kind of thing. It's not likely anyone from this community if indeed the Chinese hack message was up there. These guys are running massive scans and using automated tools to compromise large numbers of servers. I know quite a few folks that have been simply blocking huge IP ranges at their routers if they are ranges known to be from China. That doesn't stop it because they have compromised other boxes they can launch attacks from, but it makes things a bit more difficult for them.
Deja, I'm a NT/Win2k type weenie with a decent level of training and experience in security hardening and that sort of thing. Please feel free to email me if you are running on either OS. I can get you lots of info on how to harden an NT/2k box running IIS to prevent this kind of thing. If you need *nix help, I'm not the guy, but I can put you in touch with those that can help. Just drop me a note if you want. :)
Which reminds me... time to double check my hotfixes and make sure I'm up to date!
-
That sucks
I was using this listing to see who I could recruit for my squad.
I was also using the list for squadron decorations. I hope this list comes back soon.
DeJa.. I know I asked you before, but if you don't intend on putting this list back up, could you tell me how you go about making the listings? I would love to have the ability to get the P-51B and P-51D listings. Thanks.
-
Sad to hear that, Deja. I really appreciated your effort. <S>
Pepe
-
Give me their IPs
-
wasn't me deja... I don't know nuttin bout puters really. sorry to hear that something that so many people seemed to enjoy is gone. I certainly have asked enough times to be left out of ur pages but this is a little radical.
lazs
-
Because every online sim has a very diverse community, from the occasional week-end hacker, to the Santas that sit at their monitors with nothing on but leather panties and a monocle on...
I've removed my leather panties, the red ones with the studs on the inside.
Now come sit on my lap Ripsnort, and I'll give a true reason for the rip in yer snort.
-
Originally posted by StSanta:
Because every online sim has a very diverse community, from the occasional week-end hacker, to the Santas that sit at their monitors with nothing on but leather panties and a monocle on...
I've removed my leather panties, the red ones with the studs on the inside.
Now come sit on my lap Ripsnort, and I'll give a true reason for the rip in yer snort.
I have a tattoo on one cheek that says "No Entrance, Exit only!"...the other says "Yeild to oncoming traffic!"
-
LOL
Yield, too funny.
-
[Blatant plug]
I assume you were using a MS OS for this site *cough*! I'm a unix bigot myself and this gives us the opportunity to wave our pom-poms. Although no OS is totally safe from attacks you can drastically reduce your chances of destruction/defacement with a unix based OS. There are quite a few FREE ones but for security I would suggest FreeBSD for a secure Web-Server. If you need any help if you plan to take on something like this it would be my pleasure to be of assistance in any way I can.
[/Blatant plug]
Sorry to hear about your misfortune Deja.
-
OpenBSD (http://www.openbsd.org) is a fairly simple and secure unix OS. You might check it out for your server.
-
Your hard work is greatly appreciated. It ticks me off that anyone would create more work for you. I know you must spend a lot of time crunching out what you do, when you could be flying, Thanks!
eskimo
-
Of course you can set 2k up, secure it, and have it ready to roll in the time it takes you just to download the files for *nix. Unix is great if you are a knowledgeable user, but if you are not it's a steep learning curve and a large time investment just to get it set up and running, let alone secure. Only go *nix if you either are already a Unix geek or feel like spending many many hours learning how to configure and run the OS in a command line.
You can make 2k plenty secure for far less effort. This particular hack was an automated one I believe, and perpetrated through various slaved compromised machines that exploited a common, but already patched, bug. Simple use of Windows Update and the notification engine they use would have prevented this issue... it did for me. :) This was not a new exploit or a difficult one... Deja simply had not taken basic security precautions on that machine, and it would have been compromised just as easily (and possibly to much more dangerous effect) if it had been a *nix box without security precautions taken.
[ 07-18-2001: Message edited by: Lephturn ]
-
Originally posted by Lephturn:
...it would have been compromised just as easily (and possibly to much more dangerous effect) if it had been a *nix box without security precautions taken.
You said earlier this was an IIS worm? Tell me how exactly this worm would just as easily affect a unix box running say apache or thttpd? Remember, they don't run IIS. ;)
-
Sancho,
Apache has its problems too. I haven't stopped by their web site lately, but I know for a fact that they can no longer claim that it has never been hacked. The same group got into there that did the worm lephturn is talking about.
Besides, xNUX is great when you don't have any other real use for your computer. Personally, I'd rather not let a dual xeon system go to waste simply being a small internet server... and I don't want to have to set up yet another PC to do the job that it can do in addition to everything else.
So... LINUX, UNIX, Windows or whatever is just as much trouble security-wise for an inexperienced user. The server used to be LINUX... I do have experience with it.
I was actually hoping that if you didn't have anything of interest on the box itself, people would just leave it alone. Of course, that is not the case. People are so hell bent on proving superiority through malicious acts that it was unreasonable for me to be even remotely optimistic. My own naivete came back to haunt me.
So.. I'll bring the box back up with a little tighter security. Of course, in order to share the information, you create a window of opportunity for someone to prove just how clever they are by hacking in. It's a risk I'm always willing to take. I'll just learn my lessons as I go.
AKDejaVu
-
Well, I hope you caught em before they wiped away all that great top 10 data. I've enjoyed looking at the numbers myself from time to time. Your site inspired me to roll my own temporary score page a few tours back when I was score whoring in the jug. It was fun making the script, but no fun flying for score. ;)
I'm curious what they did to you? Defacement? Turn server into porn/warez server? Use it to DOS somebody?
-
Perhaps someone from the top ten list of Chute killers???
Damn, Dammned. :rolleyes:
-
Sancho,
No, not this PARTICULAR worm. There are plenty of common exploits and worms to hack *nix/Apache too. And most of them rely on the same types of mis-configuration or the exploitation of bugs where patches do exist. At least if you are running 2k and IIS you have a really easy way to keep up to date and patches applied with MS's Windows Update and their update notification thing. It works damn well. Don't get me wrong, Linux has its place too... my point was that it's more important that the administrator of the machine be proficient and take some care than it is what OS you're running.
BTW, this was a simple defacement combined with a Denial of Service worm, and it was done probably by a new worm being called "code red". Here is a link to the complete analysis: http://lephturn.dnsalias.net/stuff/idaworm.txt
So it's very unlikely that anybody targeted Deja directly, it's just that his IP # just happened to get scanned by the worm. The IP that "attacked" him is most probably just another compromised machine.
-
Sorry to hear of your problems Dejavu, I hope you get it back like ya want it. I really enjoy reading your top 10 pages, as does everyone else.
-
LOL Rip, leather panties :)
-
Excuse my crudeness:
It's a damn shame that some imbecile, with the IQ of a gnat has to ruin someone's work, and the enjoyment of those who frequent Deja's pages.
Deja, I really enjoyed and appreciated your work. I am sorry that some low life love muffin had to intrude where he didn't belong.
Again, I apologize for my rudeness, but it really upsets me when someone decides he or she has to interfere, ruin, etc someone's work, and the enjoyment the community took in viewing Deja's work.
-
Let me repeat this just so everyone is clear.
There is no "person" that targeted Deja's page. This is an automated worm released by Chinese hackers that is doing the "hacking" by exploiting a buffer overflow. This thing just scans pseudo-random IP addresses and automatically "hacks" any that have not applied the security patch which has been available for over a month. The compromised machines then begin scanning and compromising other machines, as well as sending data to whitehouse.gov to try and overload them. Deja just got unlucky because the automated attack program hit his IP and he hadn't patched it yet.
I just want to make sure everybody understands that this wasn't targeted at Deja's site by anybody, and it was not a directed attack on his site by any member of the community. :)
[ 07-20-2001: Message edited by: Lephturn ]
-
Originally posted by Lephturn:
Let me repeat this just so everyone is clear.
There is no "person" that targeted Deja's page. This is an automated worm released by Chinese hackers that is doing the "hacking" by exploiting a buffer overflow. This thing just scans pseudo-random IP addresses and automatically "hacks" any that have not applied the security patch which has been available for over a month. Deja just got unlucky because the automated attack program hit his IP and he hadn't patched it yet.
I just want to make sure everybody understands that this wasn't targeted at Deja's site by anybody, and it was not a directed attack on his site by any member of the community. :)
Leph is right. Just got a release from CERT about the Code Red worm. It's not a problem here as we patched our webserver the day the vulnerability patch came out.
Here's the Microsoft Security Bulletin for those of you running IIS on NT or 2000 machines.
Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-033.asp)
-
Thanks!
will dload
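-
Added example, not part of the original thread or any poster's code: a way for an administrator to check IIS W3C logs for what the posts above describe, automated requests to the Index Server ISAPI extensions (.ida/.idq, the component covered by MS01-033) carrying an oversized query string. The log lines, addresses, field order and the 100-character threshold are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in IIS W3C extended format; addresses are documentation ranges.
FILLER = "N" * 240  # stand-in for an oversized query string, not a real payload
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2001-07-19 14:02:11 192.0.2.10 GET /top10/index.html - 200",
    "2001-07-19 14:02:40 198.51.100.7 GET /default.ida " + FILLER + " 200",
    "2001-07-19 14:03:05 192.0.2.10 GET /search/query.idq CiRestriction=p51 200",
    "2001-07-19 14:03:52 203.0.113.44 GET /default.ida " + FILLER + " 500",
    "2001-07-19 14:04:30 198.51.100.7 GET /DEFAULT.IDA " + FILLER + " 200",
    "2001-07-19 14:05:00 truncated-line",
])

ISAPI_EXT = re.compile(r"\.(ida|idq)$", re.IGNORECASE)  # Index Server script maps
MAX_QUERY = 100  # assumed threshold: normal Index Server queries are far shorter

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def suspicious_hits(text, max_query=MAX_QUERY):
    """Return requests to .ida/.idq whose query string exceeds max_query characters."""
    return [
        rec for rec in parse_w3c(text)
        if ISAPI_EXT.search(rec.get("cs-uri-stem", ""))
        and len(rec.get("cs-uri-query", "")) > max_query
    ]

def sources(hits):
    """Count flagged requests per client address."""
    return Counter(rec["c-ip"] for rec in hits)

if __name__ == "__main__":
    for ip, count in sources(suspicious_hits(SAMPLE_LOG)).most_common():
        print(f"{ip}\t{count} oversized .ida/.idq request(s)")
```

A hit shows that the server was probed, not that it was compromised; whether the MS01-033 patch was applied at the time decides that.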