Saturday, July 30, 2011

HALP! I'm lost!

Update 2022/12/20:

I don't know if blackhats can all be considered the same anymore... I mean, with the added number of wipeware out there and all.

I haven't done security in ages, I'm just publishing this again because it is still funny. I got a little paranoid a couple of years back and removed this.

The post is supposed to reflect the state of security in the past. Today if you host your website like this I don't understand how you can still afford servers.

Old PHP was such a pain before proper use of version control. I removed some names... the original MOTD I set up was meant to be scary so people would move out. I have no idea if the server was ever formatted. I never touched that host again after I set up the MOTD

Foreword (Added: 10/01/2013)
This post is written in a comical tone. Probably nobody but IT nerds will get half the content. It denotes the zeitgeist of the time while most of us dorks were fighting cyber wars. Also, only half the information here may be true.
---
I skipped a night out to work on a hacked server... Its tough fixing the mess other people make sometimes. This is a tiny peak at what an honest geek does to earn a living. There's no glory or banter.
My mother thinks I should start my own business ASAP!
Everybody wants to partner with me.
I don't feel like I know enough to do anything yet! But perhaps that's just the problem...
So to condense everything together.. even as there is sometimes too much to do, I ain't gonna do it if at least I don't get some payment or recognition!
I was asked to partner up with a guy on an ecommerce gig. This is harmless enough to say.. since everybody wants to do something with ecommerce. Now I go and say, I'm getting into ecommerce and a guy says he's into something BIGGER! I wonder what that could be?

Regardless, with everything going crazy and me figuring out I gotta fix something, there's this hacked server I gotta take a look at...

So, okay... just a simple google search actually fixed my problem pretty fast coz this was so OLD!! Google could easily index it.
Now, what about the 0day?! 0day are becoming corporate secrets!
Call me an optimist, but there will be something called super-security. and I think its gonna be a transparent, regardless for the need of encryption, we will know where the money goes!
Now, I'm mainly writing this because I can't go any further... It'd probably be illegal for me to download other's people sites, even though I might be doing them a favor.

I'd like to save their shit in case something happens to this machine, its been hacked since 2009.

What do I do?!

- I've set up e-mail bomb alert for guy that owns the machine.
- I've set it up for myself as well
- I've downloaded my partner's own stuff
- I've put out a BIG MOTD about the hack since LOTSA people have r00t on this machine.

and now, the funnies:
Old MOTD:

***********************************
Warning, changing system files will
void your warranty. Ensim.
***********************************

New MOTD:

*********************************************************
¡THERE IS NO WARRANTY!
*********************************************************
This server is comprised. PROOF:
http://*************.com/test.php

It was an old vulnerability described here:
http://smaert.com/apache_mischief/writeup.txt

Its probably been hacked since 2009.

¡¡¡BACKUP YOUR SITES UP

¡¡¡THIS SERVER WILL LIKELY BE FORMATTED!!!

Frank should update the software.
btw. http://thepiratebay.org/torrent/6571301-
*********************************************************
¡YOU MAY LOSE YOUR DATA!
*********************************************************
mail if you'd like to move host fast
The nice thing is that hackers tend not to break your
data.. Even blackhats have hearts <3

AND

I don't think that trying to steal customers from a guy that doesn't take care of his business is so wrong, after all... he could be hurting them.

ALSO

This is a test to see if my content gets censored on Blogger too! Wherein I link to the Fuck FBI Friday III: ManTech dataleak by ANTiSEC.

YES THOSE CONTENT SCANNING SPIDERS DO WORK! I WORKED ON THEM TOO!!!

Question is who can we really trust? I trust that there is good in the world and people that take on shitty jobs just because its the right thing. In reality nobody is in control of anything and Anarchy is a natural state. And as I'm told its a source of love.