Devek website hacked
1) Some very smart computer scientist types, whose main purpose is to investigate the security of computer systems, find a security hole.
2) The security hole is pointed out to the software manufacturer, and they set about fixing it. Sometimes the issue is made public early in this process, sometimes late.
3) Vendors vary in their response. Microsoft took many months to respond to a recent security hole involving buffer overflows. A similar hole was found in Apache and a fix was available in two days. In any case the hole is eventually made public; at the very least information is provided with the software update, describing the problem the update is intended to fix.
4) This is 1/2 of the key -- RESPONSIBLE system administrators keep their software up-to-date with the latest security patches... though the uptake can be slow, especially in the case of MS, where the fixes often introduce more bugs than they fix. Generally significant time is spent testing to see that the updates don't break anything else, and this testing can delay implementation for days or weeks depending on many factors.
5) This is the other half of the key point... Many systems are floating around on the net with inadequately patched out-of-date software that is vulnerable, and have been in such a state for far too long. The present case is a perfect example. Examples of how to exploit security holes are distributed of necessity... System administrators use this information to ensure that their systems are fixed.
So what I have described above is the mechanism by which systems are supposed to be made more secure. Unfortunately, this same information is eventually made available to the public. Someone with a bit of computer savvy packages up the exploit with some simple instructions. This may or may not be done in the interest of making life easier for system admins who need to test their systems.
Now this package is picked up by what is called a "script kiddie", a general term implying a person with (relatively)little computer expertise who picks up these packaged scripts and runs them against various systems they want to compromise.
Any web server can be made to divulge what software it is running, and what version that software is at. It's a trivial thing to create a script that would increment through public IP addresses finding web servers and reporting their software and revision. http://www.netcraft.com will report this info for any given web server (one at a time). I've never looked into the specific details of how to do this exact thing, but I bet with a little help from Google I could duplicate Netcraft's "What's that site running?" functionality here at home on my UNIX box in 30 minutes. Another 10 minutes' tweaking and I could have that script iterate through all public IP addresses and report on web servers it finds. With this I could discover what web server runs at www.devek.net without ever knowing that the devek.net domain even exists. Truth be told, I could probably find an example already written in less time than it would take to write it myself.
So anyway, what we seem to have here is a script kiddie with an agenda, who found a crack for an old version of Apache, searched around and eventually found a web server running a version of Apache that they could compromise. They may have never seen the content of the website, may never have known that it was devek.net. Quite frankly, in a case like this where the software is so horribly out of date, this sort of thing is simply inevitable.
I'm going to assume that the webhosting service, apparently NetWizards, Inc., has made appropriate backups of the data and/or Devek has their own backups and based on that say it's only a minor nuisance. But it's a perfectly avoidable nuisance, and it's unfortunate that the Thomases seem to have been let down. They know 928s, not Web servers and they can't be expected to know all this stuff. Script kiddies suck, but they are a fact of life and one must take precautions if one is to maintain a web presence. But for the people in whose care they left their site, I offer the following:

Disclaimer: While my day job is all about breaking high-end corporate enterprise software, security is not what I focus on. But if I can educate myself a little about how to secure public systems, then there is no damn excuse for someone whose main job is maintaining public servers not to do so, and no excuse not to implement basic best practices.
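Added example (not part of the original post, and not anything from Netcraft or the hosting company): the banner check the post describes, done the way an admin auditing their own servers would want it. It reads the Server header out of a raw HTTP response, splits it into product and version, and compares the version against a patch policy. The sample responses, the POLICY thresholds, the host names and the CIDR range are all made up for illustration; the only live-network piece is grab_banner(), which is a plain socket HEAD request and is not exercised by the offline samples. The important caveat is built in: a server that hides its version (Apache's ServerTokens Prod, for example) comes back as "version-hidden", which tells you nothing about whether it is patched, so absence of a version is not evidence of safety.

```python
import re
import socket
from ipaddress import ip_network
from typing import Dict, Iterator, Optional, Tuple

# Constructed sample HTTP responses, made up for this example. They were not
# captured from devek.net or any other real host.
SAMPLE_OLD = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jul 2002 12:00:00 GMT\r\n"
    "Server: Apache/1.3.12 (Unix) PHP/4.0.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
SAMPLE_NEWER = "HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix)\r\n\r\n"
SAMPLE_HIDDEN = "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"  # version suppressed
SAMPLE_IIS = "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n\r\n"
SAMPLE_NONE = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"

# Hypothetical patch policy: the oldest release you are willing to run for each
# product. The numbers are illustrative placeholders, not vendor advisories.
POLICY: Dict[str, Tuple[int, ...]] = {"Apache": (1, 3, 26), "Microsoft-IIS": (6, 0)}


def server_header(raw: str) -> Optional[str]:
    """Return the Server header value from a raw HTTP response, or None if absent."""
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def parse_banner(banner: str) -> Optional[Tuple[str, Optional[Tuple[int, ...]]]]:
    """'Apache/1.3.12 (Unix) PHP/4.0.3' -> ('Apache', (1, 3, 12)); 'Apache' -> ('Apache', None)."""
    m = re.match(r"([A-Za-z][A-Za-z0-9_-]*)(?:/(\d+(?:\.\d+)*))?", banner)
    if not m:
        return None
    version = tuple(int(p) for p in m.group(2).split(".")) if m.group(2) else None
    return m.group(1), version


def older_than(version: Tuple[int, ...], minimum: Tuple[int, ...]) -> bool:
    """Compare dotted versions, zero-padding so that (1, 3) is treated as (1, 3, 0)."""
    n = max(len(version), len(minimum))
    padded_v = tuple(version) + (0,) * (n - len(version))
    padded_m = tuple(minimum) + (0,) * (n - len(minimum))
    return padded_v < padded_m


def classify(raw: str, policy: Dict[str, Tuple[int, ...]] = POLICY) -> str:
    """Label a response: outdated / current / version-hidden / unknown-product / no-banner."""
    banner = server_header(raw)
    if banner is None:
        return "no-banner"
    parsed = parse_banner(banner)
    if parsed is None:
        return "unparsed"
    product, version = parsed
    if version is None:
        # Banner present but version hidden: the outside view cannot tell patched
        # from unpatched, so this must be checked on the box itself.
        return "version-hidden"
    minimum = policy.get(product)
    if minimum is None:
        return "unknown-product"
    return "outdated" if older_than(version, minimum) else "current"


def hosts(cidr: str) -> Iterator[str]:
    """Yield host addresses in a range you are authorised to scan (example uses TEST-NET)."""
    for addr in ip_network(cidr).hosts():
        yield str(addr)


def grab_banner(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send a HEAD request and return the raw response headers. Only run this
    against hosts you own or are permitted to test; not used by the samples."""
    request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 8192:
            chunk = sock.recv(1024)
            if not chunk:
                break
            data += chunk
    return data.decode("latin-1", "replace")


if __name__ == "__main__":
    for label, sample in [("old", SAMPLE_OLD), ("newer", SAMPLE_NEWER),
                          ("hidden", SAMPLE_HIDDEN), ("iis", SAMPLE_IIS), ("none", SAMPLE_NONE)]:
        print(f"{label:7s} {server_header(sample)!s:40s} -> {classify(sample)}")
    print("targets in 192.0.2.0/30:", list(hosts("192.0.2.0/30")))
```

To sweep your own address space you would call grab_banner() on each address from hosts() and feed the result to classify(); anything that comes back "outdated" is a patch ticket, and anything "version-hidden" or "no-banner" still needs a look from the inside, because a hidden banner is a hardening setting, not a patch.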
OR - We take one of Andy's blown sharks...tie a rope from the rear crossmember to one of the hackers legs...do the same to the other leg with one of Carl's...and have a drag race with the cars running in opposite directions??
This is SOOO pointless. Best of luck in getting things back to normal for Marc, Susan and the DEVEK team.

That sucks... I can't even imagine how you fix it?