Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mass Website Hack Compromises 200,000 Sites

Posted by Zonk on from the that-is-a-lot-of-angry-pr0n-bots dept.

Stony Stevenson writes "Hot on the heels of a recent hack in which 10,000 sites were compromised, researchers have disclosed a new large-scale attack. Researchers at McAfee estimated that the attack has been active for roughly one week, and in that time frame has managed to place itself on roughly 200,000 web pages. Most of the infected pages are running the phpBB forum software, said McAfee. The compromised pages are embedded with a Javascript file that links to the site hosting the attack."

16 of 153 comments (clear)

  1. Please be more forthcoming by BadAnalogyGuy · · Score: 5, Insightful

    Back in the later months of 2001 we experienced a gradual realization that there was something quite amiss about our government's response to terrorist threats which resulted in the disaster of September of that year. It turns out that not only did we know that there would be a terrorist attack, but we had credible leads indicating who and how it would be carried out. But the lack of information sharing led to disaster.

    Here too, we have a threat which is already running wild. Thousands of websites are being attacked. Unfortunately, this article, like many which abound in the security theatre online media, is long on consequences and short on details. Someone knows how the attack spreads, but they aren't sharing the means of stopping the attack.

    This article and its lack of content does as much to spread fear and chaos among computer users as the actual attack. These are technical problems which can be fixed. By not being clear about the threat, the article turns hackers into bogeymen that can't be stopped. Give some better info, tell us how to close the hole, and let us get back to work.

    1. Re:Please be more forthcoming by Hao+Wu · · Score: 4, Insightful

      This article and its lack of content does as much to spread fear and chaos among computer users as the actual attack. These are technical problems which can be fixed. By not being clear about the threat, the article turns hackers into bogeymen that can't be stopped. Give some better info, tell us how to close the hole, and let us get back to work.

      Oh they'll have an answer for that -- just buy McAfee's "protection".

      Remember- your Mac is spreading viruses, even if it's not infected.... Be ashamed!

      --
      I suggest you read Slashdot
    2. Re:Please be more forthcoming by Loopy · · Score: 2, Insightful

      While I agree that the synopsis leaves something to be desired, inserting political diatribe equally lacking in factual detail does not improve the situation. I'm not sure who you're trying to score points on that cares but can we stick to the topic at hand or is that just too much to ask?

  2. Good news for us, I guess... by jnelson4765 · · Score: 3, Insightful

    We don't run phpBB. Is it just me, or is phpBB almost always the target of these kinds of attacks? I mean, there are probably hundreds of CMS systems out there, but almost every mass site hijacking/defacement I can remember has involved phpBB.

    Am I completely off-base here?

    --
    Why can't I mod "-1 Idiot"?
    1. Re:Good news for us, I guess... by Phantombrain · · Score: 3, Insightful

      It's targeted because it is so popular. All of the attacks that are publicized are on boards using outdated software. When more details come out, I'll bet that every single board will be several versions out of date.

      --
      echo YOUR_OPINION > /dev/null
    2. Re:Good news for us, I guess... by Dan+East · · Score: 4, Insightful

      It's the same reason hackers devote so much time exploiting Windows - more bang for your buck. phpBB is everywhere.

      --
      Better known as 318230.
    3. Re:Good news for us, I guess... by enoz · · Score: 4, Insightful

      It's targeted because it is/was popular and has/had serious exploits.

      I do not believe anyone really knows what market share the various forums have, but it is generally believed that the most popular are Simple Machines, phpBB, vBulletin, and Invision Power Board (in no particular order).

      I cannot believe that phpBB has so many successful attacks simply because it has a large installation base, otherwise these other forum softwares would also be suffering the same fate.

    4. Re:Good news for us, I guess... by mcrbids · · Score: 5, Insightful

      It's the same reason hackers devote so much time exploiting Windows - more bang for your buck. phpBB is everywhere.

      Except that popularity != exploitability. Many people think that software is like a safe - if you grind at it long enough, eventually it'll open. Software isn't like that. You can grind at software forever and it won't change anything unless you actually find a vulnerability - a case not handled by the software.

      For example, MySQL is much more popular online than Microsoft SQL. Yet MS-SQL gave rise to the slammer worm while the vastly-more-commonly-installed MySQL has not ever been infected by anything anywhere near the same magnitude. (Yes, there have been a few. They didn't get very far)

      The formula is NOT:
      Popularity = Exploited.

      It's more like
      Popularity * Bad Design = Exploited.

      And even bad software can eventually be cleaned up. Sendmail used to be a security nightmare. But despite its position as the #1 mail server software on the Internet, it's been quite a few years since any serious vulns were exploited.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
  3. Why is it always porn? by rhinokitty · · Score: 3, Insightful

    Does a light bulb dim in the minds of some computer users at the prospect of free pornography? It is the easiest thing in the world to get free porn online, why is installing something on your computer from a porn website all of a sudden appealing when a pop up window seduces you into it? I have a new term for this, it is called getting "FreePwned."

  4. Language is a Virus by Detritus · · Score: 5, Insightful

    200,000 web pages is not the same thing as 200,000 web sites.

    --
    Mea navis aericumbens anguillis abundat
  5. Re:how to detect by Anonymous Coward · · Score: 3, Insightful

    yes, I was wondering the same. suppose one had a site with phpbb installed and wanted to check if their site was one of those compromised. how would one go about that? tfa doesn't mention. it seems somehow half-assed to publish that several tens of thousands of sites have been compromised, yet not provide any useful information regarding detection, cleaning and prevention.

  6. ppl r stoop1d. by rice_burners_suck · · Score: 2, Insightful

    This is the kind of thing that really upsets me. I mean, if someone has the 1337z sk1llz to do this sort of thing, why aren't they using those skills to make a fortune, instead of using them to fsck up other peoples' websites? that sort of behavior ain't cool. in fact, it's decidedly uncool and people who act that way should be banished to a big island for criminals, like Australia.

    1. Re:ppl r stoop1d. by rolfc · · Score: 2, Insightful

      Obviously they think they are making more money this way. I for one is happily running Firefox with Noscript. That makes me feel safe.

  7. Making Open Source a harder sell by QuantumFTL · · Score: 3, Insightful

    Granted PHPBB was hacked because it's poorly written and these sites were likely not kept up to date, but... these kinds of success large scale attacks really don't do much to show how much more secure open source software is - even very popular FOSS like this!

    Yeah yeah, I know I'll be marked as troll/flamebait or whatever... but I don't see any upmodded discussion of this, it's a serious issue, if only for the perception it fosters in the industry.

  8. Re:punBB by Goaway · · Score: 2, Insightful

    No, that's why you're not supposed to use software which is so full of holes that the only way to keep it safe is to continuously upgrade as the problems are discovered one after another.

  9. Re:why this happens by snarfies · · Score: 4, Insightful

    You tried to sue/arrest Zone-H? What are you, an idiot? THEY didn't hack your insecure website. They just reported on it. I suppose you'd also sue the local newspaper if they ran a story on your hacked website.