Pig Work

Weblog of Freelance Designer Steven Clark aka Norty Pig

4/2/2005

Uberdorks and Fultron Computing

Filed under: — nortypig @ 3:01 pm

It appears up for contention as to whether or not Uberdorks actually did the defacing of the Advanced Guestbook 2.2, contrary to earlier articles on this blog. Indeed Nathan used the MySQL injection to enter and supposedly test some of the security on the Rivulet Print Studio site before his initial email to me. He states that he never entered after the update to version 2.3.1, never spamdexed then I gather, and definitely didn’t go into the CPANEL of the website. So are there 2 hackers / crackers afoot? And who then are the Uberdorks and who do they claim to be?

Uberdorks was the group formed by three 4th graders who later in middle school formed Fultron Computing. As you see when you go to Uberdorks there’s a little redirect off to their Xoops site at Fultron. They apparently want to market themselves to companies as security testers and I’ve got to admit they’re pretty smart kids. So did they crack and deface the guestbook? Your call is as good as mine. If you’ve been guestbook defaced then they’re definitely a place to ask about it. After all, even wolves can pretend to be wolves to get let out of the hen house.

3/2/2005

Guestbook Defacing is Popular

Filed under: — nortypig @ 10:24 pm

Today I learned a fair bit about guestbook defacers, how they exploit Advanced Guestbook 2.2 weaknesses by using a MySQL injection to get into the Admin area and can even take over your site from there. Wow! I learned how prolific they are with today alone nearly 200 recorded defacements just on one single security site which I found had its Guestbook defaced, too. So who are they really? Uberdorks (which incidentally is redirected to http://fultroncomputing.com/xoops-2.0.9.2/html/modules/news/) is a good place to start looking. And how can they operate? Why do they operate? Why doesn’t the law just take their computers and wallop the bejeezus out of their bare behinds? You make your own call here. I found the enlistment page for Umax-search too, enter your account number so they know where to pay you and I won’t put it up cos they don’t deserve the google juice from here. For a look at the dark side -

The tutorial on how to break into Advanced Guestbook 2.2 to deface or do your darkest deeds

The advanced tutorial for those who have grown tired of only defacing guestbooks

There’s nothing like going to have a look at these guys in the wild to make you put up your defences and clean up your act, they’re up to a lot of mischief. For me, well I just don’t know how you can openly hand out software like password crackers and not get arrested?! There are a number of defences you can put into place from the get-go though to protect your Advanced Guestbook installation such as rename your files from the default, change where they are kept in your file structure, use .htaccess to your advantage, change your passwords on your actual website as well as the guestbook, get your server to ban their IP and contact their server administrator, apply the security patches if any are available, delete the server administration logon link and use a robots.txt file to block bots from going in there. Another thing, suggested by Nathan, was to make the guestbook files read only which makes obvious sense. The number one method of finding your guestbook is a Google search! In the end I just took it off as nobody was signing it except spammers anyway.
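As an added example (not part of the original post), here is a shell sketch of two of the defences listed above: making the guestbook files read-only, and checking that robots.txt keeps crawlers out of the guestbook path. The function names and every path are assumptions for illustration, and the robots.txt check is simplified (it ignores User-agent groups).

```shell
#!/bin/sh
# Added example: harden and audit a guestbook install directory.
# Function names and paths are hypothetical; adjust to your own layout.

# List every regular file under DIR that still has any write bit set
# (owner, group or other). Prints nothing once the install is read-only.
writable_files() {
    find "$1" -type f \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# Make the install read-only: strip all write bits from files, and
# group/other write bits from directories so nothing can be dropped in.
lock_down() {
    find "$1" -type f -exec chmod a-w {} +
    find "$1" -type d -exec chmod go-w {} +
}

# Succeed if some Disallow rule in ROBOTS_FILE is a prefix of URL_PATH.
# Simplification: User-agent groups are ignored, and a rule must be
# written as "Disallow: /path" with a space after the colon.
# robots.txt only keeps well-behaved crawlers away; it is not access control.
robots_blocks() {
    awk -v p="$1" '
        tolower($1) == "disallow:" && $2 != "" && index(p, $2) == 1 { found = 1 }
        END { exit !found }
    ' "$2"
}

# Example use (constructed paths):
#   writable_files /var/www/site/guestbook
#   lock_down      /var/www/site/guestbook
#   robots_blocks  /guestbook/admin.php /var/www/site/robots.txt
```

Run `writable_files` again after `lock_down`; an empty result means no file in the install can be modified through its permission bits until you deliberately restore write access for an upgrade.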

30/1/2005

Cracked Like a Soggy Sao (part 2)

Filed under: — nortypig @ 1:40 pm

It’s a truth of the web but they’re out there, crackers, testing your security either out of boredom or a belief in what they do makes the enemy stronger. Well following my previous entry about having a guestbook hijacked by someone I got an email from a 14 year old boy in the United States explaining he is a ‘white cracker’ and not a ‘black cracker’ and apologising of sorts with all of his contact details to show his transparency. Which was kind of cool and assuring. It turns out Advanced Guestbook 2.2 has a MySQL injection security hole that allows these guys to romp in and out. So upgrade to Advanced Guestbook 2.3 was his message.

Well young Nathan’s site is Uberdorks if you’re interested in the enemy. How about someone giving him some work in the field to keep him honest. I really hate to see brains wasted to the dark side.

29/1/2005

Cracked Like a Soggy Sao (part 1)

Filed under: — nortypig @ 2:22 pm

Security, it seems, is never a thing to be taken for granted and one would think the most mundane of guestbooks for the Rivulet Print Studio would be quite ignorable by crackers. What do they have to steal or wreck - honestly. Out of 3 legitimate entries in the guestbook over the last 3 months I was one of them and so equate to 33.3% of the commenting public. I’m not a great fan of guestbooks for that reason - effort vs result.

So anyway, however long it took this person to crack a guestbook with one of the lamest passwords in history is anyone’s guess. Maybe even say five minutes. Today I spent some time deconstructing the PHP and database to see what they’d actually got up to in there. Cool dude but just not the National Bank of Argentina ay. I had a chuckle. Anyway the client never even realised so no skin off the old noggin today thankfully, it’s fixed and up apologetically. A simple reinstall would have taken me much less than the 5 minutes it took to give me a black on black spam sandwich lol.
