
Astalavista.com hacked, including details - gmazzola
http://astalavista.com/
======
gmazzola
Page as it appeared on June 5, 2009 12:15AM EDT:
<http://pastebin.com/f751e9f5b>

The post is a little low on details concerning the actual exploit used, but
there's pretty massive carnage. Let's hope the admins have offsite backups.

For those who don't know of Astalavista, it was a popular website for
"hackers" with relatively low-quality content. It started in 1994, and was one
of the first search engines for computer security information. It hosted
software exploits, and quickly degenerated into a forum for sharing software
cracks, spyware, and virii.

Being a security-related website, you'd expect the owners to be a little more
careful, which is why this is interesting.

~~~
enneff
They did have off-site backups, which the hacker found and erased.

One strategy that I employ to mitigate this is to have my backup service
connect to the production server, rather than the other way around. That way
if your production services are compromised, your backups remain untouched (on
a machine that's running no services, behind a firewall, etc, and for all
intents invisible).

~~~
jlcheng
I thought the typical definition of offsite backup also means data is backed
up to a media like tape and stored in a different location.

How is your offsite backup implemented? Is the data stored on a network drive,
or backed up to tape?

~~~
enneff
My understanding is that an offsite backup is, as the name implies, a backup
that is stored at a geographically separate location to your production site.

I have a few servers deployed at various locations around the world, and I
have a machine here at home that performs rsnapshot daily backups of their
files. I then make bi-monthly backups of those backups, and store them in a
safety deposit box at a bank. This means that if my servers go down, I can
restore them to within a day. If my house burns down, I still have my data to
within two weeks.
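The pull model enneff describes in this thread (the backup host reaches out to production, keeps rotated daily snapshots, and a periodic copy goes offline) as an added example in POSIX sh. This is not the commenter's script or rsnapshot's own code; the wrapper path, key material, addresses and directory layout are assumptions, and the remote pull is reduced to a local copy so the script runs offline.

```shell
#!/bin/sh
# Pull-model snapshot backup in POSIX sh (rsnapshot-style rotation).
# Added example, not enneff's setup or the rsnapshot project's code.
# Assumed layout: this script runs on the BACKUP host and reaches out to
# production. Production holds no password, key or hostname for the backup
# host, so a compromised production box (and its bash history) cannot
# locate or delete the snapshots.
set -eu

# The only thing production stores: the backup host's public key, locked to
# one source address and a read-only wrapper. The wrapper path and the key
# are placeholders. Prints one authorized_keys line.
#   authorized_keys_entry BACKUP_IP PUBKEY
authorized_keys_entry() {
    printf 'restrict,from="%s",command="/usr/local/bin/pull-only-wrapper" %s\n' "$1" "$2"
}

# take_snapshot SRC DEST KEEP
#   SRC  tree to back up (a local path here; with rsync it would be
#        backup@prod.example.com:/srv/www/ pulled over ssh)
#   DEST snapshot root on the backup host: DEST/daily.0 is the newest
#   KEEP number of snapshots retained; older ones are rotated out
take_snapshot() {
    src=$1; dest=$2; keep=$3
    mkdir -p "$dest"
    oldest=$((keep - 1))
    # Expire the snapshot that falls outside the retention window.
    if [ -d "$dest/daily.$oldest" ]; then
        rm -rf "$dest/daily.$oldest"
    fi
    # Shift daily.i to daily.(i+1), highest index first so nothing is clobbered.
    i=$((oldest - 1))
    while [ "$i" -ge 0 ]; do
        if [ -d "$dest/daily.$i" ]; then
            mv "$dest/daily.$i" "$dest/daily.$((i + 1))"
        fi
        i=$((i - 1))
    done
    # Pull the current tree. rsnapshot hard-links unchanged files against
    # daily.1 to save space; a full copy keeps this runnable with POSIX tools.
    cp -R "$src" "$dest/daily.0"
}

# Number of snapshots DEST currently holds.
snapshot_count() {
    n=0
    for d in "$1"/daily.*; do
        if [ -d "$d" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Stage the newest snapshot as one archive to carry offline (the bank-box
# copy in the thread). ARCHIVE must be an absolute path. Prints that path.
#   export_offline DEST ARCHIVE
export_offline() {
    ( cd "$1/daily.0" && tar -cf "$2" . )
    echo "$2"
}

# Constructed walk-through: four daily runs with a three-snapshot window.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/prod"
    i=1
    while [ "$i" -le 4 ]; do
        echo "version $i" > "$tmp/prod/index.html"
        take_snapshot "$tmp/prod" "$tmp/snap" 3
        i=$((i + 1))
    done
    echo "snapshots kept: $(snapshot_count "$tmp/snap")"
    echo "newest: $(cat "$tmp/snap/daily.0/index.html")"
    echo "oldest: $(cat "$tmp/snap/daily.2/index.html")"
    export_offline "$tmp/snap" "$tmp/daily0.tar" >/dev/null
    echo "offline archive: $tmp/daily0.tar"
    authorized_keys_entry 192.0.2.10 "ssh-ed25519 AAAA-placeholder-key"
}

if [ "${1-}" = demo ]; then demo; fi
```

Run it with `sh pull-backup.sh demo` to see the rotation. The design point is that only the backup host initiates connections and only the backup host can delete a snapshot; the `restrict,from=...,command=...` line on production is the single credential involved, and it lets the backup host run one wrapper, not delete anything. The bank-box archive adds a copy that no network path reaches at all.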

~~~
jlcheng
That's pretty much how it should be done. Let's hope the guys at astalavista
are smart enough to do that. Your approach adds an additional layer of
protection in case, as you'd put it, someone gets into your home server and
deletes them. That, and tapes are less likely to get corrupted or become
unreadable than the drives on your server, which may cut down on recovery
time.

When your business gets bigger, it might be worth it to look into dedicated
hosting and have the datacenter do the backup for you. After all, you want to
spend your time managing your IT crew, rather than driving those tapes to the
bank :)

------
gojomo
When a site is reported as 'hacked', am I alone in _not_ wanting to visit it
for a look-see? Aren't the same people who deface sites likely to try fresh
browser compromises against rubberneckers?

~~~
jameskpolk
That seems like a decent security precaution.

However, since astalavista was the site in question, you will probably be
_safer_ to visit _after_ the hack.

------
jrnkntl
This somewhat concludes the whole point of the hax0rs:

Quote: "plaintext passwords? yes, those so called "security professionals" who
charge you $6.66 / month to register at their hack-proof portal, save your
passwords in plaintext... brilliant!"

~~~
andreyf
I especially liked "philip"... one of the 100 most common boy names.

_dark side of me_ : I wonder how many of those passwords work to get into
those e-mail accounts...

~~~
oscardelben
or bank accounts

------
dylanz
I think scrolling down that was more suspenseful than any book I've ever read
:)

~~~
mdolon
_mysql > drop database ..._ (x9 databases)

My jaw literally dropped when I got to that part... that's gotta suck, even
for a crude site like Astalavista.

~~~
bdmac97
Not as bad as where they found the backup plan in the bash history, FTP'd to
their remote backups, and deleted them all...

------
dmix
It's the (other) hacker news this week on HN.

~~~
gmazzola
Indeed. I figured this particular piece of news would interest both types of
hackers, as it contains technical details you wouldn't expect from a standard
defacement. It's rather similar to the urge to rubberneck at a car crash: it's
both horrific and exciting at the same time.

If my assumption is incorrect and no one is interested, I will humbly tuck my
metaphoric tail between my legs and refrain from posting such things again.

~~~
dmix
That type of respect for quality makes HN great. </circlejerk>

------
Tom23
From Digg: <http://digg.com/security/astalavista_com_Hacked_2>

<http://romeo.copyandpaste.info> gives an idea about anti-security movement...

------
xtxlog
A bunch of people on EFnet IRC say that it was hacked by some guy named
darkpontifex or some group called dikline or something. Supposed to not be a
LiteSpeed vuln; it's actually an ntp daemon vuln, just changed the name to
confuse people.

------
Hexstream
Read from line 1758 (at <http://pastebin.com/f751e9f5b>) and you'll see that
those astalavista guys have no taste... Good riddance.

------
andr
The hackers complain about Astalavista being targeted towards script kiddies.
However, it looks like they used a prepackaged exploit, too.

~~~
slater
I think that was the point: Astalavista is also an IT security company, yet
they can't even keep themselves from being hacked in every way possible, using
the simplest of prepackaged exploits available.

------
froo
I saw some paypal details in there as well, I'm wondering if astalavista used
any of the same passwords to secure that account?

------
s3graham
Heh 13.33.33.37.

~~~
duskwuff
The tool they were downloading appears to have been private. Hence the
anonymized IP and hostname (anti.sec.labs).

------
Tom23
<http://pastebin.com/m592e1f1c>

------
ComputerGuru
The site is back up now...

------
c00p3r
2.6.18-128.1.10.el5 is the latest patchlevel of RHEL or CentOS kernels. It
seems like their security officers are sleeping on their keyboards. Good news
for so-called enterprise linux customers. amazon.com? =)

btw, this is merely good quality of system maintenance (of course, their backup
system is very funny), but this is the very usual way people use Linux and OSS
nowadays - no one cares too much, thanks to apt-get and yum and xen.

Linux is mainstream now, nothing special, just stupid, plain activity. It
was cool when they migrated from the 2.4 to the 2.6 kernel, or even from 2.1 to
2.2 glibc. Today it has lost all its coolness and romance.

Just imagine what is happening in the corporate sector, which hires cheap boys or guys
from the third world, like me.

------
bdmac97
That was painful to "watch" happen to them. Lesson learned. Do NOT f __* with
hackers...

~~~
weaksauce
Yes and the fact that there are always smarter people with more time on their
hands than you out there on the internet.

~~~
sev
Well, I guess they deserve it for screwing people over $6.66/month at a time
for 15 years for distributing publicly available material (literally).

------
gaius
Who? If it was altavista.com this might be news...

