July 6th - Website Defacement Day?

pabl0 writes "According to an article from SFGate.com (San Francisco Chronicle), a challenge has been posted, inviting web-site defacers to alter the content of as many web sites as possible on July 6th, with an apparent limit of 6,000 websites per contestant. Looks like this would be a good time to make sure all those web-server security patches are applied!"

In other news

[ramzak2k]

July 7th was announced as national handcluffing day when hordes of hackers would be paraded around the streets in major cities.

Wrecklessness

[LordoftheFrings]

This is just really awful. A huge call out for Script Kiddies of the world to unite. Terrible.

*shakes head*

*looks around*

*starts researching latest exploits*

*runs*

Re:Our tax dollars at work...

[EdMack]

Em, if you RTFA, you would see

"Frankly, hacker challenges occur frequently, and we don't think they all rise to the level of a warning," Homeland Security spokesman David Wray said.

Yes this is /. but only flame the gov when you must.

Re:what are you talking about?

[donutz]

Slashdot has little to do with the defacement. Slashdot is simply reporting this.

Nah, the San Francisco Chronicle is reporting it.

Slashdot is just giving a bunch of tech-minded people a forum in which to talk about it.

whu?

[deadsaijinx*]

The purported "prize" for participating hackers was 500-megabytes of online storage space

WOOHOO! After all that hacking into thousands of web-sites with who knows how many terabytes of storage, I can now get almost a FULL CD of free web-storage!!!! WOOHOO!!!

Wait, can I still use that in prison?

Score -1: Troll

[mortonda]

Once again the desire to moderate a story flares up.

Please don't feed the trolls.

Re:what are you talking about?

[meme_police]

Precisely. Do all you dotters think that the Slashdot effect is bigger than all the major new organizations put together? Slashdot isn't the only site reporting this.

Re:What sort of prize is 500mb??

[Andorion]

Uh... prize? In an ILLEGAL hacking event?

"To collect your prize, please call 1-800-FBI-NARC... a representative will be sent to your home shortly."

~Berj

Apply your patches!

[donutz]

New York officials urged companies to change default computer passwords, begin monitoring Web site activities more aggressively, remove unnecessary functions from server computers and apply the latest software repairs from vendors such as Microsoft Corp.

Well it took some doing, but I managed to get that latest Microsoft service pack installed on my web server. It said that it fixed a lot of issues, so I felt it was worth it, even though I run a Slackware 9.0 Linux server. Here's to hoping it reboots alright!

WHOIS defacers-challenge.com ?

[RobertTaylor]

Registrant:
of, Day (TPEEWXQFBD)
11 Albert Rd
AMITYVILLE, NY 11701
US


Does that place exist? If so *deface that* ;)

I doubt it will be a real address though, however the idiocy of some people does often suprise me!

Re:what are you talking about?

[meme_police]

Is Slashdot telling us how to exploit IIS or Apache? No.

Bah...hackers schmackers!

[madmarcel]

Hmmm...july 3rd...counting down...

But...let's look on the positive side:
Let's say thousands of websites DO get de-faced (w00t - how very unlikely ;)

A) Thousands of extra hours of work created to clean up the mess. (or not - y'all make backups right ;) Those are surely bill-able hours right?
And it's on the weekend, wahey! Double rates!

B) All the administrators of web-servers that WERE defaced will HAVE to examine the security of their web-servers. Improvements will HAVE to be made. If 'thousands' of web-servers are forced to improve their security...is that a bad thing?

C) Perhaps a lot of administrators (and PHB's) will notice that the most commonly defaced web-servers were (or are likely to be) those that run M$ software of some sort. Would that make them more likely to switch to OTHER software?

D) Hundreds of lamo script-kiddies prosecuted, jailed and/or permanently disallowed from using the internet. Excellent. Perhaps /.'s troll ratio will drop, and IRC will become a pleasant experience....NOT! :^D

Re:handCLUFF?

If they told you, they'd have to cub you to death.

Re:A Haiku

[Tackhead]

> And actually, the 5-7-5 pattern is not strict, and neither is having exactly three lines. H Haiku should always mention - implicitly - a season, and should have a change of perspective or other "turn", perhaps to the point of awaking surprise.

0WN1N8D!
Buffer 'sploit known since last spring.
(I fixed it for you.)

Re:Let them start with the **AA sites

[MrLint]

Hehe I smell a poll question brewing in this post!

Who's website would you go to see if you knew it was defaced?
* RIAA/MPAA
* SCO
* AOL
* EMarketersAmerica.org
* That other jackass spammer with the sports car in michigan?
* Microsoft
* the cowboy neal foot fetish extravangaza

Re:Our tax dollars at work...

[Malfourmed]

wonder how many millions Homeland Security is going to spend "preparing" America for this one.

Patch and cover! Patch and cover!!

Re:Costs people money?

[Karhgath]

Saying that it doesn't cost money to people because it's corporations that pays the bill is pretty stupid of your part.

First, fixing the page is probably the least important factor to consider.

Since it's kind of a 'contest', who defaces the most websites, how much can you bet that a large % of them will be medium to small sites? Most will also be e-commerce related sites, since their security is often compromised by badly written e-commerce software.

Now, take the normal MomAndPops.com, which sells apple pies. Client comes to the site expecting to buy apple pie and then find out that the site become a Hacker Advertisement site of some sort, or even worst, says that Apple Pie causes cancer. What will they say? "I'll come back later when the website is restored"? I don't think so. Most probably: "Shit, they stopped selling apple pie because it gives cancer!". It's sad, but a lot of people are gullible.

So, the real problem is loss of sales because of it, and/or traffic/readership, and/or reputation or anything the website is based on. The longer the site remains defaced, the more the website loses. This is the real killer, especially for small to medium websites/e-commerce, and most of these aren't run by evil megacorporations.

And your attitude of saying it's not that big of a deal because the corporation has enough money to fix it, or won't pay the guy in overtime, is not very wise. Sure, most of them exagerates the 'cost' of hackers and such, but it doesn't mean it isn't substancial, or that it just costs a simple fix of the website.

Re:frosty piss

[Proudrooster]

This is the exact correct place to put it. Thousands of SysAdmins read Slashdot and now know that they had double check their security or risk embarassment on July 6th.

Also, I have heard rumblings of yet another MS worm run scheduled to run rampant over the 4th of July holiday weekend. (Prepare for pager meltdown MS and network admins.)

I totally appreciate the heads up. In fact I did an external port scan of my Class B today and found out that the firewall monkeys had opened incoming ftp from anywhere to key servers. If it wasn't for this new threat I probably wouldn't have bothered to rattle the door knobs before the holiday.

I'd say that everyone has fair warning. Make sure your backups are up to date and that you don't have any easily hackable services exposed. Now the only question is, "Who will be embarrassed?"

Remember folks, it's not just about defacing, it's about defacing creatively.

~ Ha]<0R D00D

Re:If /.'ed

[yourmom16]

I never understood the slashdot effect. How can a bunchh of slashdotters bring a system to its knees when they dont even RTFA?

Preparations

[yintercept]

Slashdot may have informed a bunch of hackers about Defacement day, they are also informing a large number sysadmins who will check their weekend back ups and prepare for a Sunday in the office.

Of course, the smart thing to do is to deface your own web site, then you can take the weekend off 'cause the hackers will think you've already been tagged.

Re:frosty piss

[jafiwam]

Yeah?

Well guess what. They put the thing out there before I was hired and put a bunch of twitchy-clueless web hosting customers on it.

I got a new set of servers, got to design how it all works, all patched and good and ready to go. Know what I am waiting for? Server brackets. The boss's dad is makin em in his garage. Until then, I can't put the new ones up in the rack.

Then I get to migrate all of them-there sites to the shiney new servers and answer stupid phone calls to explain how DNS works, and explain how their ISP proxy server is fucking broken.

You think any of this is my choice? (Aside from the shiney new stuff.) Think anybody is going to stop and think "Gee, this might be patched tomorrow and it won't be a threat to anybody as a zombie then!" Nope. They won't think at all.

Your justification for web site defacement sucks. You might as well ass-rape your sister cuz she's not wearing a chastity belt. If I run across your mom, you'd better hope I don't use the same logic you do.

It's not Darwinism, it's vandalism.

I agree that there are a lot of lousy sysadmins out there, causing lots of problems by letting their machines get hacked. But you should think about how you think things should go a little bit. Maybe it would be better if you concentrated on educating those around you how to set up a web site properly, hmm?

(As for me, I hope the Spanish-speaking nitwits organizing this end up in Colombian-Federal-pound-you-in-the-ass Prison. They deserve it.)