Ming the Mechanic:
Hacked
The NewsLog of Flemming Funch
 Hacked2005-02-09 09:00
18 comments
by Flemming Funch

Damn, my server was hacked. A vulnerability in the awstats log analysis program. Just announced last week, but not very widely, so I had no clue. Anyway, the result was that every file named index on the server got replaced with a graffiti page from some Brazilian hackers. Big pain. There are 7455 index pages on my server. Anyway, hole closed, and the most important ones restored. But if you have a website here, you better check it out.

And I can see in Google that lots of other sites suffered the same fate. This is what the page said:
SIMIENS CREW

Enquanto Houver Fome Guerra Morte Simiens Existirá!

irc.gigachat.net #simiens

Greetz: #un-root #commandt #h4ck3rsbr #asc #infektion and all friends!

Well, I'm not one of those, I can tell you that.


[< Back] [Ming the Mechanic]

Category:  

18 comments

9 Feb 2005 @ 09:18 by vibrani : Yep, pretty nasty stuff
I wondered if the site got a virus, too. It was freaky coming here and seeing that page instead of NCN. Glad you got it fixed and fast.  

9 Feb 2005 @ 09:57 by vaxen : Yeah,
Simiens Crew, a semi notorious band of Portugese (May be Brazil based) Hackers. The translation would go something like this:

"As long as there is Hunger, War, and Death, Simiens will exist!"

Guess they'll be around for a long time, eh?

However...

In the dreaded 'Pnoteftu' we find this:

"Telling the truth may not be advisable in situations where it would cause more harm than good. In an individual situation, this will always be a judgement call. Typically, this judgement call is based on true compassion (in Gotamo's sense), depending on the circumstances of the partner in the dialogue. 'True Compassion' (in Gotamo's sense) is a mental state rather than an physical emotion. In such a state an evaluation can take place whether a dialogue partner would suffer more by not knowing the painful truth than if the truth would not be announced at all."---M.S.

Personally I don't think Gotamo (Shakya Muni) had a lot of 'sense' left. Others may disagree, of course...

;)  

9 Feb 2005 @ 10:58 by vibrani : telling the truth
can be dangerous business; honest and thoughtful don't go hand in hand. If you admit you can play the accordian, no one will hire you for a rock 'n roll band....["Ishtar"]  

9 Feb 2005 @ 14:09 by jstarrs : Hell, I missed the fun...
...Simiens sounds like a monkey job to me.  

9 Feb 2005 @ 14:23 by martha : I slept throught it
just as well..................sorry ming, I can only imagine how frustrating this is.  

9 Feb 2005 @ 14:54 by ming : Files
The thing is that there's so many files and sites on the server that it is very difficult to get everything, and each fix has to be done manually. Many things are there for historical reasons, accummulated over 10 years, and I don't even know if the sites are really being used or not. Just like the list server has hundreds of mailing lists, and I'm not quite sure which lists are used and which are not.  

9 Feb 2005 @ 15:02 by jstarrs : Let me know if you need a hand, Ming.
;0)  

9 Feb 2005 @ 15:05 by martha : Manually
in this computer age! humph  

9 Feb 2005 @ 18:24 by vaxen : That...
is a really good reason to have a nice, fresh, backup. Ah well...I don't think we're talking 'real mischief,' here, like trojans and etceteras...lots of sites got the same little not and not just this site. I think if they were into real 'mischief' we wouldn't be here typing and you'd be down, some sites are, for quite awhile...

Seems some other sites don't believe in backups, or can't afford them, either. Trojan man to the rescue? I guess you missed my little notes here and there about back doors on your server, servers...that was awhile ago when shakti ma was still out and about...Mum's the word now. Seems nobody cares. ;)

But really, Simiens is just boasting... Kids will be kids. irc.gigachat.net Got irc? ;) Greetz in order?  

9 Feb 2005 @ 18:48 by ming : Automatic
Well, I wrote a little program now that identified all the defaced files and restored them if they were available. So, things are in relatively good shape.

As to backups, well, there's a daily job that is supposed to back up all web files and databases on the server, and copy them to another server. Supposed to. I hadn't noticed that it hadn't succeeded for the past month. Because, well, I no longer work for that company who's server I copied it to, so I couldn't go and check very easily. Anyway, I got another server now, so I'm going to start backing it up to that.

Vaxen, if you're aware of any security holes, please let me know. Yes, I know you've mentioned it once in while, but I need specifics.  

9 Feb 2005 @ 19:26 by Ge Zi @24.127.146.67 : alert network
Flemming,
do you know of some alert network for threats that are imminent of already rampant?
If not we should start one and have an RSS feed for it -
something like Linux-Web-Master Beware!
For wintel servers that feed would probably too busy, wouldn't it? ;-)  

9 Feb 2005 @ 19:30 by Ge Zi @24.127.146.67 : babba
Just a thought:
Brazilian hackers - who do we know in Brazil???
Who is in Brazil but is fleeing it right now - huh - HUH!
I remember when 'you know who' and I were room mates and he was doing his wild processing, the neighbor from downstairs was complaining he would be moving heavy machinery and we had lots of accidents out on the street.
Right - you-know-who - if you read this?  

9 Feb 2005 @ 19:35 by ming : CERT
{link:http://www.us-cert.gov|CERT} normally does a good job in announcing new vulnerabilities. I get them in e-mail. This one just didn't make the list. Anyway, it includes both windows and linux vulnerabilities.  

9 Feb 2005 @ 19:41 by vaxen : Heh, heh...
fleeing? Ah, that little purple notebook from hell? Carnival can be quite...well, sixteen dead in the first hour or so! You don't suppose...
Nah.

Nowadays, Flemming san, I am trying to keep my 'awakenings' to my GE alone. Fried eggs are best served cold.

http://www.innerworlds.50megs.com/  

10 Feb 2005 @ 19:50 by beto : A sense of shame
Only now I've seen your msg, dear Ming, and, as a Brazilian, I cannot avoid a sense of shame on such a manifestation of human stupidity. I feel sorry and wish I could do something on that matter. However, I believe that soon we'll see that the damage isn't so bad. I strongly have that faith, dear Ming!
Beto Hoisel  

10 Feb 2005 @ 21:29 by ming : Brazilians
Oh, it could have been any teenage kids anywhere. But in a certain way I think it is also something particularly empowering for kids from places where they might otherwise have few possibilities for excelling in life. Like, there's lots of Romanian hackers and scammers, for example.  

7 Aug 2006 @ 19:57 by jhonatan @200.131.68.7 : Simiens Crew
Simiens Crew = Hackers,the best hackers  

21 Apr 2016 @ 02:18 by Aileen @188.143.232.32 : lzzfUJRyOKptIc
Well macmiaada nuts, how about that.  

Other stories in
2012-05-03 00:04: An evolving path
2012-01-02 13:52: 2011 Accomplishments and 2012 Aims
2011-11-17 02:20: Your inner piece
2011-02-01 00:05: Slow Mo Flow
2011-01-22 18:40: Recognition
2010-08-23 00:36: Where's Ming?
2010-07-20 14:24: Getting other people to do stuff
2010-06-22 00:27: Inventory
2010-06-19 23:10: Conversations
2009-10-28 12:31: Then a miracle occurs


[< Back] [Ming the Mechanic] [PermaLink]? 


Link to this article as: http://ming.tv/flemming2.php/__show_article/_a000010-001468.htm
Main Page: ming.tv