Fidonet Portal






From: Heike Svensson (1:396/4)
To: All
Date: Sun, 14.06.20 12:57
How to contact web site operator to report hack?
From: Heike Svensson <hsvensson.1093x1_q@hotmail.nospam.com.please>

A website I frequent was defaced at around 10:30 this morning. All of
the pages were blanked and replaced by cryptic nonsense.

All attempts to contact the site operators have failed. Obviously the
feedback form on the site's unavailable. But making matters worse I get
what I presume are user unknown errors (it says "<webmaster@domain>:
invalid address (state 14)", to be precise) for webmaster@domain,
postmaster@domain, root@domain, nobody@domain, and hostmaster@domain,
which pretty much exhausts the likely technical contact email addresses.

Is there any other likely way of alerting the operators of the site to
the hack so they can undo it? They aren't discovering the problem on
their own, as evidenced by it still being defaced a full three hours
later -- it doesn't take that long to restore the nightly backup and
reboot a server.

I fear that the hackers didn't just get into the webserver through a
phpBB vulnerability, but also got at the mail server and disabled all
the email accounts to prevent alerts like mine from getting through. I'd
need to know if there's a way to discover other usable email addresses,
not at the domain in question and handled by a different MX, via whois
type tools.

Alternatively, if the hack didn't set off some kind of automatic alarms
and wake up the site's admin, what might do so instead? Something that a
random user can do, after the hack. A DoS attack? I'd prefer something
less drastic though, for obvious reasons.
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

From: Eli the Bearded (1:396/4)
To: All
Date: Sun, 14.06.20 12:57
Re: How to contact web site operator to report hack?
From: Eli the Bearded <*@eli.users.panix.com>

In comp.infosystems.www.misc,
Heike Svensson <hsvensson.1093x1_q@hotmail.nospam.com.please> wrote:
> Is there any other likely way of alerting the operators of the site to
> the hack so they can undo it?

Find a non-email contact method on a page archived somewhere else? Google
cache or archive.org?

> They aren't discovering the problem on
> their own, as evidenced by it still being defaced a full three hours
> later -- it doesn't take that long to restore the nightly backup and
> reboot a server.

Thus restoring it to the hackable state again. No, you want to do
better clean up than that. Still, you'd expect the bad site to be
taken down while working on it.

> I fear that the hackers didn't just get into the webserver through a
> phpBB vulnerability, but also got at the mail server and disabled all
> the email accounts to prevent alerts like mine from getting through.

Stealing the domain name could do that. Internal checks on the site
would not fail, because that would all still be working, but nothing
would be reaching the real servers.

Elijah
------
suspects domain stealing happens a lot less than other attack methods
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)

ABOUT

This forum contains echomail areas hosted on Nightmare BBS You can browse local echomail areas, italian fidonet areas and a selection of international fidonet areas, reading messages posted by users in Nightmare BBS or even other BBSs all over the world. You can find file areas too (functional to fidonet technology). You can browse echomail areas and download files with no registration, but if you want to write messages in echomail areas, or use fidonet netmail (private messages with fidomet technology), you have to register. Only a minimal set of data is required, functional to echomail and netmail usage (name, password, email); a registration and login with facebook is provided too, to allow easy registration. If you won't follow rules (each echomail areas has its own, regularly posted in the echomail), your account may be suspended;

CONTACT