hacked - Page 3

  • hack attack on .si domain

    I suppose there will be some more, but here is a listing to wake some people up

    MeTaLTeaM.oRGhttp://decordesign.si/aboutdd/Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://akultura.si/log/awstats012006.akultura...Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.sitograf-trade.si/stevec.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.rebernik.si/log/awstats012006.rebe...Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.larema.si/stevec.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.trgovinapr.si/log/awstats012007.tr...Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.mkv-klub.si/pic/Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://medinal.si/robots.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.termika.si/Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.revija-svobodnamisel.si/PHPCounter...Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.keling.si/log/awstats012007.keling...Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.gradbenistvo.info/stevec.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.fengshuiarts-sp.si/log/awstats0420...Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.belatrade.si/stevec.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.avtovleka-kopitar.si/galerija/Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://kilovar.si/HeaderInfo.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.lmt-si.net/stevec.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.jps-rs.si/log/awstats012006.jpsrs....Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.golf-klub.si/Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.giz-mi.si/robots.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://www.esg-proart12.si/log/awstats012006....Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://la-design.si/stevec.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://tadej-sink.si/log/awstats042007.tadejs...Domain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://sipca.si/log/awstats012006.sipca.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://laros.si/log/awstats012006.laros.txtDomain HackPolitik SebeplerOFF
    MeTaLTeaM.oRGhttp://lanit.ch/log/awstats072007.lanit.txtDomain HackPolitik SebeplerOFF
  • Several Israeli ebooksites hacked

    So imagine that you could change an ebook (PDF) in a file with malicious code

    and this also counts for




  • hacked a2.be

    this is the advertising




    this is the hack



  • despeeltuin.be hacked (playground in english)



  • bloggen.be has a strange page called hacked



  • Anti Israeli hack campaign has no truce

    In fact you would just forget and with zone-h.org being forced offline again (you had your 2008 report just in time between two full scale attacks)

    And this counts for a whole lot of .il sites. If you have .il site you should control your logs on a permanent basis and patch and defend your machine as if you are in the middle of an online battlefield (and you are the cowboys being surrounded by indians with all kinds of weapons, some even more sophisticated than yours)



  • hacking against gaza war goes on, even against small sites

    http://www.zone-H.org is one of the best to follow

    this Belgian scoutssite fell under heavy shelling with code.



  • Israeli sites of Pepsi, sprite, KAI and other international firms hacked

    We have said so before and it is just accumulating. YOu may have the best site in your own country and you may be able to withhold the levels of attacks in your country or on the international level, but the level of internet-attacks in Israel for the moment is of a totally different kind. For this you will have a tough decision to make.

    Or you send down specialist teams to defend the sites that are up there. And you close down any interactive function that is not essential for the site.

    Or you transfer the content of the site to your main server on a Israeli subdomain and you upgrade the central monitoring and security defenses.

    Because somewhere on this internet is maybe someone somewhere with the professional knowledge and time to scan, attack and hack those systems as he has never done before. Prepare yourself for the brightest and most intensive.


    2009/01/12Jurm Team gillettechampions.co.il  
    2009/01/12Agd_Scorp fanta.co.il  
    2009/01/12Jurm Team sprite.co.il  
    2009/01/12Jurm Team daihatsu-israel.co.il  
    2009/01/12Jurm Team wellaclub.co.il  
    2009/01/12Jurm Team headandshoulders.co.il  
    2009/01/12Jurm Team gillettefusion.co.il  
    2009/01/12Jurm Team kia-israel.co.il


  • any site with israel or jew in it will be attacked

    and so it is strange to see that a site like israelmagazine.net  didn't prepare itself enough for the onslaught and was hacked

    and don't think it will be over soon


  • be notified for free by zone-h.org of a hack

    This is a must for hosters and networkadministrators, there is no other way that you could know and as long as they are around it is the best and fastest way to know

    Starting from today and only for registered users will be available the old Zone-H services plus some new one.

    The services subscription module  is now available from the user menu by clicking on the "Mailing list subscription" link, provided you are registered and logged in.

    What kind of services are available? 

    1) Early Warning service:  this service has already more than 8000 subscribers most of them being the admin/webmaster of the website they want to monitor. Each time Zone-H receives a notification of a defacement, it checks if for that website there are Early Warning subscribers and notify them about the intrusion. This service is free and will always stay free. What's the value of this service? There are little chanches for administrators to be aware about intrusions on their webserver if the defacer created a /hacked page; being the homepage still online there would not be any immediate evidence about the intrusion. The Early Warning service overcomes such problem. 

    click on "read more" ro know about further services... 

    2) daily news mailing list: this service will send directly to your email address all the daily news published on zone-h (one mail per day)

    3) special defacement mailing list:  this service will send directly to your email address all the daily special defacements published on zone-h (one mail per day)

    4) advisory mailing list: this service will send directly to your email address all the daily advisories published on zone-h (one mail per day)

    Please note that subscription to services 2, 3 and 4 is already available while the service itself will start somewhere within the next 48 hours.

  • export agency of Israel proofs why interactive functions are stupid during cyberwar

    Every weakness in your site or any of your functions or modules will be exploited to inject text or change anything that is possible just to leave a mark or vandalize it a bit.

    During cyberwar you should desactivate everything that is interactive or put it really in a freeze mode or with very limited access. But the less you have the less you have to worry about.


  • protect-sites.com is hacked (good joke)


  • antivirusfirm eset.co.il injected



    if you have a site in israel you will get attacked and eventually hacked, so prepare for it, even if you think that you are smart and big and whatever...

  • Mit.edu hacked by Turkish hackers


    still the case at http://snl.mit.edu/

    we told you the cyberwar was beginning to go after bigger sites....

  • US website for fallen soldiers remember.gov defaced by iranian hackers

    It seems broken (database error) and dead 404 anyway, but now it is also defaced


  • Exclusive .be hacked 2008 zone-h.org report

    These are all the 2519 websites with a .be domainname that have been defaced, hacked, injected according to zone-h.org during 2008. We received the listing exclusively to be able to make some predictions and some statistical explorations. This is not a scientific study, it is an INDICATOR.

    The reason that it is an indicator is because zone-h.org is not a search machine that scans the internet for hacked sites. This is not possible. It is not possible to do because there are so many ways in which you can change a page or inject pictures or code in it. It is not possible because search engines don't have access to all the pages, even if those pages get hacked, defaced or injected. This is the reason why Google can't replace a collector like zone-h.org. We have found other sites that were hacked during the year that we did find with special google searches and we will publish that list shortly.

    So to make it clear : these are all the sites that the attackers and defacers have submitted THEMSELVES to the collector zone-h.org  This doesn't mean that everybody who hacks does it, but many do. This is also the reason why some securitypeople want to take zone-h.org offline because they hate it when the vulnerabilities of even big sites are published for all to see.

    We here find that zone-h.org is a very good resource for securityresearch because it gives us some realtime indications at the one hand and a historic view at the other. During though economic times in which priorities have to be reviewed so often, this is a nice indicator to have. We would never have known that there was a Turkish attack against .be websites while there were Turkish riots in Brussels. We have sent out a warning at that time and we can see that this has made some effect. We would never have seen that the hacking of Joomla sites after the release of the exploit would be so massive (july-august) if it weren't for zone-h.org. We did sent out different warnings but it seems now that Joomla sites have become a favourite attack target. If the Joomla community doesn't take the necessary measures as Windows did some years ago they will get attacked, whacked and defaced on a continuous basis.

    Zone-h.org is the best collector on the web for the moment and this has something to do with her credentials, reputation and her internal controls before adding submissions to the database itself. At the end of 2008 Zone-h.org was attacked again (second time that year) and taken offline. At the height of the beginning of the cyberguerilla between Arab militants and Israeli and western defenders, security researchers were scrambling to find an alternative. There was none worthy of that name and the alternatives were too incomplete to show a global view.

    Another thing to make clear before going to the numbers is that we are speaking about hacking, defacing and injecting all together. The listings we received don't indicate if the site was fully hacked, defaced or if there was just some text injected in the forum or other interactive functions. This gives sometimes way for an enormous and silly discussion that needs to receive some attention before going to the statistics.

    One of the least commented but in my eyes most important hacks ever was the change of some text and numbers in a text on a newspage of Yahoo. People tend to believe things on the internet too easily. They presume that it has been reviewed, checked and is effectively only written by the writer. This totally changes when a hacker shows that anyone can add a picture, some text or even a page to a website. No matter if it is small or big. Someone that didn't receive any rights to do anything on the website just changed content on the website. The webmaster may find it silly. But he may find himself lucky that the silly hacker/injector/defacer just put some stupid graffitti or slogans on the website and didn't change prices, conditions, press releases, contacts or other things without indicating to the outside world that someone else than the administrators did those changes and that those administrators didn't know anything about those changes. Imagine that a major newspaper would have as headline that Fortis was to be sold to KBC. The effect and damage would be immediate, the time to resolve it would be too long and the lasting impact on the trust we have with online content would be enormous.

    So every change to a website or a page that is done without the knowledge and consent of the administrator, especially on the places where users normally can't change or add things themselves, is a hack. Period. This doesn't mean that people have access to the server or the member list, but they did control part of the website.

    Another thing to make clear is that operating systems of servers as such are losing their importance. It are the webservices that are running on them (for example the bulletin boards, the content management systems and so on) that are being attacked. It is so important to place an application firewall, to limit access and to patch all your modules and parts of your webservices on a permanent basis. And if you are not up to it, it is time to consider a professional service. With this we don't mean the amateurs that are selling hosting for peanuts but don't have any backup, firewall, antivirus, HIDS and other defensive and protective services to offer.

    The most important thing although is to keep an eye on your website. It is just amazing how many websites were being hacked/defaced for weeks, months and that no-one corrected a thing. (even after publication on this blog and so on Google if you did a research on your domain site:x.x). A related observation is that if you don't need a domainname anymore, you just park it somewhere without any website. It is dead and over and gone and if you don't have any more time for it, you should just kill it.

    We have chosen the .be domainname because they fall under Belgian law. As there is for the moment no geolocation with the hacks in the zone-h.org database it is the easiest way to locate websites that fall under Belgian law. We want also to point out that there is a difference between the domainnames and the servers. µµIt is possible that a server has been defaced/hacked with many .be domainnames on it. Strangly everyone in Belgium can set up a server and call himself a webhoster. There is no certification or quality control or minimal obligations. In the real world no one could set up a business like that, surely not a webshop (of which some were defaced/hacked/injected last year).

    When we look at the number of 2419 domainnames that were victim in 2008 of such an attack according to zone-h.org and we see clearly that the Joomla crisis had a big impact during the summer. You can see that between 100 and 200 .be sites are submitted to zone-h.org each month. This means around 20 to 50 each week. Take with that around max. 10 additional hacked .be sites that are found by Google each week and you have a number of sites that a CERT in Belgium would have to clean up each week. You don't need an army for that.



    When we look at the operating system of the .be domainnames that were hacked, we have the following result. It can be that there are more domainnames on some hacked linux servers but shared hosting is not always a smart idea.



    The operating systems for Apache webservers of domains that were hacked.



    The same for the IIS servers


    we also publish the total listing with the names. If you are in it, than I hope that you have done something about your security because if you are hacked, you will be attacked and tested and scanned on a permanent basis. Once you were hacked your security situation changes totally. Like or not, but that is the way it is.

    And this is the reason that before you set up a website or add a whole bunch of interactive functions you should be sure that you have set up a secured hosting, a safe and tested code and implementation and a security surveillance and response team. Otherwise you are just a sitting duck, as we have called the Joomla people during the summer.

    Sunday we will publish the top5 of the hacked .be websites and some analysis about the attacking clans. Who are they and who is most important to watch out for ?

    if you have indicators and numbers about Belgian security we will be happy to treat them for you and to give them the visibility that they deserve. Just contact us.

  • Exclusive all the .be websites that were hacked in 2008

    Source is zone-h.org with which we will be working more closely soon

    hacked .be