Posts tagged Security
December 31st, 2008
Hacked :(
Topics: Security, Thoughts, Linux
I've been hacked. It looks like they got in through a Roundcube vulnerability and used my system as part of a DoS with kaiten.c. I have turned the server off completely for now. I'm part way through changing all my passwords and I will format the server tomorrow.
What a pain in the arse; at least it looks like script kiddies rather than anyone out to get me personally. Before I wipe the box I am going to have a look at what they did, and I will write it up if it's anything interesting.
Rootkit Hunter said the box is clean; does anyone know of good ways / tools to see what the nob-head did?
- Dave.
Edit: It was my email server, so if you don't get a reply from me for a couple of days, you know why.
June 14th, 2008
SQL Injection comment
Topics: Security, Thoughts
Someone posted a comment to this blog earlier; it looks like they were trying to use SQL injection to beat the spam filters, or it may have been a real person trying their luck.
Anyway, I find this stuff pretty interesting, so I thought I would post the attack. Here is what he posted:
Bill883205666','928884583billy@msn.com','','10.134.123.1','2008-06-14 08:04:27','2008-06-14 08:04:27','','0','lynx','comment','0','0'),('0', '', '', '', '', '2008-06-15 08:04:27', '2008-06-15 08:04:27', '', 'spam', '', 'comment', '0','0' ) /* | None | IP: 124.217.227.127
I think it's pretty clever how he tries to make the SQL post his message with a fake IP address; I'm also really curious why he takes the trouble to add a fake spam comment to the end of the query.
Doing a reverse lookup on the IP address, it seems to be someone's server / hosting with a shared IP from svservers.com. I guess this guy didn't get his own IP address.
Results:
124.217.227.127 resolves to "svservers.com"
Top Level Domain: "svservers.com"
Country IP Address: MALAYSIA
Anyway, that's all for now. If anyone could explain more about what he's up to, I would be really interested to hear it.
Edit: My blog used to run WordPress, so this post made a lot more sense at the time. I now use CouchDB, and comments are powered by Disqus anyway, so it's kind of doubly pointless.
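To see concretely what that posted string does, here is an added example (mine, not code from this blog or from WordPress) that replays it against a throwaway SQLite table, once through a string-built INSERT of the kind the attacker was betting on and once through a parameterized one. The 13-column table layout, the post ID, the real client IP and the browser string are assumptions chosen to match the 13 values in each injected tuple; the page does not show the blog's actual schema or insert code, and the trailing "| None | IP: ..." is treated as the moderation screen's display rather than part of the payload.

```python
# Added example (not code from this blog or from WordPress): replay the posted
# "name" field against a throwaway SQLite comments table to see what the
# injection does, then show the parameterized insert that defeats it.
# ASSUMPTION: the 13-column layout below is inferred from the 13 values each
# injected tuple supplies; the blog's real schema is not shown on the page.
import sqlite3

COLUMNS = (
    "comment_post_ID", "comment_author", "comment_author_email",
    "comment_author_url", "comment_author_IP", "comment_date",
    "comment_date_gmt", "comment_content", "comment_approved",
    "comment_agent", "comment_type", "comment_parent", "user_id",
)

# The comment author field as posted, with the smart quotes the blog rendered
# turned back into plain quotes, cut at the "/*" that opens the trailing
# comment (ASSUMPTION: the "| None | IP: ..." after it is the moderation
# screen's own display of the comment, not part of the payload).
PAYLOAD = (
    "Bill883205666','928884583billy@msn.com','','10.134.123.1',"
    "'2008-06-14 08:04:27','2008-06-14 08:04:27','','0','lynx','comment','0','0'),"
    "('0', '', '', '', '', '2008-06-15 08:04:27', '2008-06-15 08:04:27', '', "
    "'spam', '', 'comment', '0','0' ) /*"
)


def fresh_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (%s)" % ", ".join(COLUMNS))
    return db


def insert_vulnerable(db, post_id, author, email, url, ip, date, content, agent):
    """Build the INSERT by string formatting, the way the attacker assumed."""
    sql = (
        "INSERT INTO comments (%s) VALUES "
        "('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '0', '%s', 'comment', '0', '0')"
        % (", ".join(COLUMNS), post_id, author, email, url, ip, date, date, content, agent)
    )
    # With PAYLOAD as the author, this is a valid two-row INSERT whose real
    # email/url/IP/agent values all end up inside the unterminated /* comment.
    db.execute(sql)
    return sql


def insert_safe(db, post_id, author, email, url, ip, date, content, agent):
    """Same insert with bound parameters: the payload is stored as a plain name."""
    placeholders = ", ".join("?" for _ in COLUMNS)
    sql = "INSERT INTO comments (%s) VALUES (%s)" % (", ".join(COLUMNS), placeholders)
    db.execute(sql, (post_id, author, email, url, ip, date, date, content,
                     "0", agent, "comment", "0", "0"))


def stored_rows(db):
    return db.execute(
        "SELECT comment_author, comment_author_IP, comment_approved, comment_agent "
        "FROM comments ORDER BY rowid"
    ).fetchall()


def demo():
    """Run the payload through both code paths; returns (vulnerable_rows, safe_rows)."""
    # Constructed form submission: the server records the real client IP.
    args = (12, PAYLOAD, "", "", "124.217.227.127",
            "2008-06-14 08:04:27", "hello", "Mozilla/5.0 (constructed)")
    vuln, safe = fresh_db(), fresh_db()
    insert_vulnerable(vuln, *args)
    insert_safe(safe, *args)
    return stored_rows(vuln), stored_rows(safe)


if __name__ == "__main__":
    for label, rows in zip(("vulnerable", "parameterized"), demo()):
        print(label, rows)
```

In the string-built version the submitted name closes the author value, completes the row with the attacker's chosen IP and user agent, appends a second row whose ninth value is 'spam', and opens a /* comment that swallows every value the server appends afterwards, including the real client IP. The bound-parameter version stores the whole string as one (very odd) author name and records the real IP, which is the check worth keeping regardless of which blog engine sits behind the form.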
October 14th, 2007
Myspace account recovery
Topics: Thoughts, Security
I thought I would start off the blog with something hackery. The other day my friend asked me to help get back into her Myspace account. She had forgotten the old email address she used to sign up to the site.
My mission was to figure out the email and password used, log in, and then update her email and password to new ones she can remember. All I had to go on was the rough structure of the email address: she remembered it was a hotmail.co.uk address and the words used.
It was something like two words and a number, but she couldn't remember how it went exactly, e.g. herbert1wompom@hotmail.co.uk or herbertwompom@hotmail.co.uk or herbertwompom1@hotmail.co.uk or something similar. There were a few words and numbers she thought it probably was, but she couldn't remember the exact combination.
Anyway, I figured the first step was to work out what the exact email address was. I used the Myspace advanced search facility and started guessing combinations of the email address until a match was found. Eventually, after 20 minutes of guessing, one of the email addresses linked to her profile, so I was halfway there.
Next I had to compromise the email account, so I started trying to log in to her Hotmail account with some of the passwords she thought it might be. After a while I realised that the email account didn't exist (it must have expired), so I signed up using the appropriate account name to gain access to emails sent to that address.
Lastly, all I had to do was go on Myspace and click the "I forgot my password" button and I had everything I needed. I logged into her Myspace profile and was able to update the email and password.
The main thing to remember from this is how powerful the Myspace search is. If I get an email from someone, I can instantly search Myspace for a profile with that email address and find out a lot of personal information.
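The guessing step above is small enough to script. Here is an added example (mine, not from the original post) that enumerates every "two words and a number" address for a given word list and number list, number optional and placed before, between or after the words, so the candidates can be fed to a search one by one. The words, numbers and domain used in the demo are the constructed examples from the post, not the friend's real details.

```python
# Added example, not from the original post: enumerate the candidate addresses
# for the "two words and a number" pattern so the guessing step can be scripted.
# The words, numbers and domain in the demo are the constructed examples from
# the post, not real account details.
import itertools


def candidate_emails(words, numbers=(), domain="hotmail.co.uk"):
    """Yield each distinct 'word word' local part, with an optional number
    before, between or after the words. Inputs are tried in the order given,
    so list the most likely words and numbers first."""
    seen = set()
    suffixes = [""] + [str(n) for n in numbers]
    for w1, w2 in itertools.permutations(words, 2):
        for n in suffixes:
            for local in (w1 + w2 + n, w1 + n + w2, n + w1 + w2):
                if local in seen:          # the three forms coincide when n == ""
                    continue
                seen.add(local)
                yield "%s@%s" % (local, domain)


def guess_list(words, numbers=(), domain="hotmail.co.uk"):
    """Materialise the candidates; handy for sizing the search before starting."""
    return list(candidate_emails(words, numbers, domain))


if __name__ == "__main__":
    for addr in guess_list(["herbert", "wompom"], [1, 2]):
        print(addr)
```

Two words and two numbers already give 14 distinct addresses, which is roughly the search space the post describes working through by hand in 20 minutes; every extra word or number the owner half-remembers multiplies it, so ordering the inputs by likelihood matters more than the enumeration itself.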