Information Security News mailing list archives

Apache Site Defaced


From: William Knowles <wk () C4I ORG>
Date: Sat, 6 May 2000 16:00:45 -0500

http://www.wired.com/news/politics/0,1283,36170,00.html

by Michelle Finley
4:00 p.m. May. 5, 2000 PDT

While the rest of the world battled the "Love Bug" worm, free
Web-server software-provider Apache had problems of its own.

Due to system-level misconfigurations of ftpd and bugzilla, a hacker
was able to obtain a shell account and replace Apache's logo of a
feather and its "Powered by Apache" tagline with a Microsoft logo and
credit.

"Yes, the www.apache.org site was penetrated," said Ken Coar, a
director and vice president of the Apache Software Foundation. "The
penetration was through some network services that were configured
with an insufficient degree of paranoia. The penetration was not
through the Apache Web server software nor any of the other Apache
software, but through standard network utilities found on virtually
all Internet servers."

The people who penetrated the Apache.org system likely were "grey
hats," Coar said. The hacker spectrum runs from "black hats," who
would break in, do damage, and attempt to avoid tracing, to "white
hats," who would note the configuration problems and let the site
managers know about them without taking advantage of them.

"These people fall into the 'grey area' in between because they told
us about the problems, but not until after they had utilized them to
make some apparently innocuous changes," he said.

Cruciphux, publisher of the security and hacking electronic zine
HWA.hax0r.news, said the site was defaced around 6:37 p.m. EDT
on May 3 by hackers known as "{}" and "Hardbeat."

"{} belongs to Buffer Overflow Security, a fledgling security group
consisting of ex-hackers and including people such as 'mixter,' who
wrote TFN, the DDOS-distributed attack tool recently brought to light
in the media by denial-of-service attacks on major websites," the
ezine wrote.

A mirror of the defaced site can be found on the Attrition.org mirror
site and specific details of the break-in can be found on Apache's
site.

"They came right out and admitted what had happened and said they were
at fault," said OpMan, a New York-based computer systems enthusiast,
who noted that "you won't see Microsoft taking the blame for the
ILOVEYOU debacle."

"This was a classy hack," Cruciphux said. "It ended almost like a
fairy tale. Although tracks were covered and logs cleared, it was
decided to alert the apache.org people about the condition and a
meeting between the intruders and Apache ensued. Not all defacings go
this way, so kiddies remember: It is still very illegal and risky to
do this. Be warned."

[Archived copy of Apache defacement:
http://www.attrition.org/mirror/attrition/2000/05/03/www.apache.org/ ]


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com