Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attrition.org Defacement Mirror Frozen In Time

Posted by timothy on from the cnn-drops-coverage-of-mooning- dept.

webword writes: "Attrition.org has decided to stop updating their defacement mirror. Their decision is based on problems associated with the rapid increase in web defacement activity. They don't have the time, energy, or money to keep it updated. Fortunately, the image gallery, music reviews, movie reviews, poetry, and contests, will receive more attention." Those things are certainly more interesting to me than who's scribbling where, and it was becoming no fun for the attrition.org folks to keep up with them.

21 of 52 comments (clear)

  1. I don't blame Attrition. by Anonymous Coward · · Score: 2

    Oh well, it's not like defacements are even interesting anymore. Defacements from 2+ years ago were somewhat interesting, but now its clearly a bunch of morons who can't even put a sentence together. "j00r 0wn3d bY th3 d34th hax0r cr3w." Lame. These people just want to see themselves on attrition and hope to get a name in the 'scene' because they lack the skill to publish security papers, code etc. I've actually talked to a decent amount of defacers and most of them are ridicliously unskilled. They taunt admins about being "stupid" but 90% of them couldn't admin a network let alone a unix machine. Defacing was interesting a few years ago, now its just a bunch of ./i-know-this-will-get-me-in. Notice how most of the defacements are *cough* NT and done with the same 2 exploits. One that has been around for quite awhile now. It used to be about quality (high profile sites) and a fun prank, now its quanity (w0w i hax0r3d moms-bakery-and-bath-towels.com!) and taunting and being a general ass. They're not hackers at all, just the equilivent of a lowlife street thug.

  2. why not open to volunteers? by ragnar · · Score: 3

    It seems to me that a better solution would be to call upon volunteers to maintain and edit this section of the site. Heck, I didn't even know attrition.org did other stuff. They have a significant namesake in archiving the underbelly of the web and I'm sure there are plenty of people who would contribute to the archive if they develop a decent interface for it. We have very little history on the Internet.

    --
    -- Solaris Central - http://w
  3. Another site mirroring defaced sites by bleh-of-the-huns · · Score: 3

    For those who are really interested in who is defacing what, and which companies where defaced and teh defacement of said site, http://defaced.alldas.de is also mirroring defacements.

    --
    I came, I conquered, I coredumped
  4. Of course... by Levine · · Score: 4

    You could look at this another way; now, all of the bored teenagers on IRC have no way to prove that they cracked momandpop.net, nor is their most revered accomplishment set in the annuls of history, so page-defacings decline.

    I mean, it is nothing more than a big "Lookie what I did" ego-trip. I know - I've seen the people that do it.

    Cheers,
    levine

  5. Re:Sudden drop in defacements? by D3 · · Score: 2

    And just what bullshit proof do you have of this? Do you have any real knowledge of the type of people that do this? Just consider for one minute the other factors in web page defacements.

    1) The _world wide_ increase in the number of PCs available to the kids that deface web pages.
    2) The _world wide_ increase in the number of stupid websites put up for businesses, etc. by "administrators" who only know how to click the "next" button during an installation.
    3) The fact that even just a couple of years ago, many of these scripts and tools that make it so easy didn't exist.

    There are other factors as well. The truth is, we don't really know what will happen. Defacements might go up since people won't think their message is being seen as much otherwise. Maybe now these people will get more daring to get this supposed attention and actually start doing real damage.

    --
    Do really dense people warp space more than others?
  6. Attrition as art? by D3 · · Score: 2

    Attrition was/is a new form of art to me.
    Does it mearly reflect the world around it or does it influence the world into a new direction?

    --
    Do really dense people warp space more than others?
  7. Re:Sudden drop in defacements? by D3 · · Score: 2

    The fact there are both more targets and more kids at home playing around with trying to hack. Therefore the number of defacements rises regarless of attention from attrition.

    Also, the typical script kiddies do it more for the attention of their percieved peer group in IRC than what they get from attrition. This much I know from speaking directly with attrition staff.

    --
    Do really dense people warp space more than others?
  8. this is a BAD thing!!? by macpeep · · Score: 2

    Let me get this straight; we have a site that shows defaced (cracked) sites and it shuts down because there are simply too many of them these days. And this is a bad thing because..?? Why?

    Listing security bugs so people can protect themselves is a good thing. But what possible good does showing defaced sites do anyone? If anything, it encourages more cracking. Please tell me that we all agree that cracking sites is a bad thing! I can't imagine why anyone would be interested in looking at the work of 14 year old script kiddies anyway (who read about the latest IIS exploit)!

  9. Re:Sudden drop in defacements? by MadAhab · · Score: 2
    I want to agree with you, but I can't. The most graffitti-ridden walls I've ever seen are in places where no one will see them. True, this is in part due to the convenience factor; it's pretty hard to spraypaint the Statue of Liberty.

    But take a look at your average subway tunnel. Walls and walls of graffitti that pretty much no one ever sees. The graffittists (word?) must walk through hundreds of yards of rat-infested, garbage-strewn tunnels to get there at substantial risk and low payoff. Their only audience is each other.

    I'd be more willing to predict a rise in IRC channels dedicated to posting defacements.

    Boss of nothin. Big deal.
    Son, go get daddy's hard plastic eyes.

    --
    Expanding a vast wasteland since 1996.
  10. It only makes sense by WinDoze · · Score: 2

    Imagine if YOU had to update their defacement site every time an AC or "spork" posted to /.

    Uhhh... that counts as "defacement", doesn't it?

  11. Re:I cannot say how much time I have spent there by webword · · Score: 2

    2001-05-22 04:59:24 Attrition.org Defacement Mirror Frozen in Time (articles,news) (accepted)

    I give you a tip of my hat. However, I did actually submit this 2001-05-21 in the early evening, before 22:30:37 So, I did beat you to it, probably within a few minutes, although the system does not capture it.

    --
    How to Download YouTube Videos
  12. No! Th1z 15 L4m3! by supabeast! · · Score: 4

    Th3Y c4nn0tz do th1z! Wh3r3 w1ll my m1rC budd13z g0 t0 s33 @ll 0f my 31337 h4x0rz!

    L1nUx 43v4h! FUX0R US G0V3Rm3NTZ!!!

    /sarcasm off

    good.

  13. Re:God, who can blame them... by Alien54 · · Score: 3
    Well part of this is the sheer growth of the web, even if one percent of one percent of all sites were whacked, this would certainly increase to an alarming degree with the expansion of the web.

    The other aspect to this is that the scripty kiddies out there take it as a badge of honor to get a defaced site listed in a mirror. To a certain degree, while we want to document the carnage, maintaining a mirror becomes a reward system for the script kiddies. It acts like fertilizer, which is not exactly what we want in the first place. So it might be a good thing to stop rewarding the skript kiddies with the public acknowledgement of their vandalism.

    Check out the Vinny the Vampire comic strip

    --
    "It is a greater offense to steal men's labor, than their clothes"
  14. Automagical solutions by SubtleNuance · · Score: 2

    Why does it take the attrition guys long at all to set up the mirror? What is wrong with setting up a form to a cgi script - have a perl/phython/awk/whatever script do a GNU/wget and build a link somewhere.... they could also setup an email gateway for the kiddies if a form is too much trouble for them...BR>
    I fully understand that the Attrition people feel it is too much work - its completely there own choice - but does working a mirror of defacments have to be that labour intensive? Why didnt they set something up to work automagically for them...?

    1. Re:Automagical solutions by Fatal0E · · Score: 2

      Your solution would have to either be magical (minus the auto) or a breakthrough in AI. Otherwise it would go from Attritions Defacement list to getting spammed by all the idiots mirroring anything

      Without an actual human being to verify the fact that a page has been hacked what would they do, use an honor system? 'Defaced' is an intangible, relative term. A person would have to check the defacement even if there was an automatic way of setting up the mirror.
      Personally I'm glad their postal section will have more "hack my g/f's hotmail account plz" then "stfu and mirror my hack of Chucks Hardware site". The 'teach me to hacks msgs' are mad funny!

      --

      BOSTON SUCKS!
  15. Sudden drop in defacements? by Calle+Ballz · · Score: 3

    If alldas doesn't become as popular as attrition, please watch for a sudden drop in defacements. The driving force for 99.9% of all defacements is for people to get attention. Most of the websites hit actually get the more traffic than they've ever got once they get posted on attrition. Who honestly cares about www.randomschoolinsomebackyardstate.k12.xx.us?? It's just a forum for underachievers to get attention. I think that with attrition leaving the scene, this entire web defacement trend just might calm down a bit.

  16. God, who can blame them... by Shoten · · Score: 5
    I certainly don't blame them in the least...I wondered how much longer they'd keep the mirror up. One entertaining perousal through Attrition's "Going Postal" section shows you a combination of impatient hackers showering profanity at Munge, Jericho, and the rest of the crew for not being fast enough at mirroring sites (as if that was their purpose in life), right alongside threats of legal action by clueless victims of defacements. And the whole while, to keep the moral high ground, Attrition would turn down security work by anyone mirrored, no matter how much money was offered or how strong the plea for help.

    I've seen a lot of discussion in the past year on the point of the Attrition mirror, including a session by Attrition themselves at DefCon last year, and this was clearly a long time coming. I'm sorry to see it end, but also in a sense happy for the fact that the guys who had to maintain the mirror will see some peace return to their lives.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  17. seems to me by waspleg · · Score: 2

    like this is something that should have been more or less automated from teh beginning

    i'm not sure how hard this would be or how difficult it woudl be to forge posts etc w/o anyone to verify them but i used to enjoy going through attrition myself

    at the very least they could be offering to let volunteers handle it

  18. Why didn't they set something up automagically... by jahjeremy · · Score: 4

    ...because they are sick of dealing with the type of people who deface webpages and write to them saying 'Oh, please teach me how to be elite haxor' or 'Dude, ya gotta help me break into my girlfriend's hotmail account' or (personal favorite) 'Help me hack my on-line homework because my teacher (?) is too lazy to grade papers.'

    I think after several years of fun and sarcastic replies, they've finally grown tired of the attention and want to stop attracting the riff-raff. Dropping the full mirror seems like it should help. Their site has tons of content and a huge text file archive that has been neglected lately. Probably they want to get back to adding meat to their already excellent site. Besides, with only 3 guys handling the mirroring, the rash of recent (and not-so-inspired) defacements forced them to spend hours mirroring all the crap.

    Also, they confirm each hack individually. How could one "automate" this without risking said kiddies trying to break or exploit the automated system. You're not exactly dealing with the most honest or moral segment of the computing community.

    Can you imagine receiving 10 or more e-mails a day similar to: 'Hey, where's my defacement? I put it up 10 minutes ago! God, you guys are slow. What are you doing, humping your sister?'

    Basically, they were performing a service for which they got nothing back except abuse from kiddies and sys admins. So they just said, "Fuck it." Frankly, I don't blame them at all and look forward to more great stuff popping up on their site.

  19. It was good while it lasted by neilest · · Score: 2

    They're only stopping the minor defacements "We will also continue to provide commentary and articles on high profile defacements, significant trends or other activity that warrants attention." Also, the Attrition Defacement Statistics are still being published.

    Personally, I will miss the mirrors, but I'd like to see what becomes of the site now that the attrition staff have the extra free time on their hands

  20. To make things a bit clearer by Modify · · Score: 2

    All- First off I would like to thank all of you for the kind comments within this thread. The reason we started this website was for everybody in the security/technology community. This all started as a hobby site and the staff at Attrition.org had a lot of fun with it and tried to create a place where one might go to learn something. Anyhow, I could go on and on about the whole history and how everything formed but I'll cut to a few points and hopefully make things much clearer. 1. Money had no hand in the decision here. We all have jobs during the day and this mirror was totally absorbing our personal time. Many of us would go hours and hours reviewing sites and making sure they were valid on top of our workload. This is a hobby site and a hobby site implies one would have fun doing it regardless of being paid or not... Many of us wanted to do other things with our time but we couldn't cause we had to sit in front of the computer for 10 hours to validate mass hacks all day. It gets exhausting after a while. 2. The hack verifications were automated using a script (that both Jericho and Munge tinkered up)but for historical purposes and for statistical purposes we had to verify each and EVERY hack that came through. Another words, we needed to see with our own eyes that the site was hacked or the statistics and mirror would not be valid. So, we could either make our lives easier by not validating the hacks and basically taint our stats and work or we could put forth the effort and make something useful. Again, if your going to do something you might as well do it right rather than fall short. 3. Other sections of the site that were put on the back burner will finally get the attention that they deserve (this I am personally happy about). 4. THE SITE IS NOT CLOSING DOWN... I think i've read a few instances where journalists had said that Attrition.org was shutting down. We are only doing away with the mirror. The decision to keep the mirror on site is still to be determined. Anyhow, I will end it here... I just thought that everybody HERE deserved some insight due to the fact that the site is for this community. -Modify Attrition Staff staff@attrition.org