Archives ||About Us || Advertise || Feedback || Subscribe-
-
Issue of August 2003 
-
  -  
 
 Home > News & Analysis
 Print Friendly Page ||  Email this story

Hackers taste their own medicine

Sunday, July 6th witnessed a mass hacking contest in which thousands of websites were attacked in a loosely coordinated effort to disrupt Internet traffic. A website named defacers-challenge.com declared that the contest aims to deface up to 6,000 websites within six hours. A perfect end to a quiet Sunday for CTOs worldwide.

Contestants gained points for compromised machines. Windows servers fetched one point, and HP-UX and Macintosh servers fetched five. The award was supposedly 500 MB of online storage, free hosting services, Web mail, unlimited e-mail forwarding, and a domain name of choice.

Here are a few technical guidelines suggested by Captain Raghu Raman, Global Practice Head, Mahindra Consulting Special Services Group to tighten network security. A hacker's contest or not, it pays to be secure anyway. Happy Sundays, everyone.

  • Make sure that default passwords are changed. This should include Web servers and any other servers that the Web server has a trusted relationship with.
  • Remove sample applications that aren't used anymore like CGI scripts and Active Server Pages, from Web servers.
  • Lock down Microsoft Front Page Extensions. By default, those extensions are installed in a manner that gives every user the ability to author Web pages, even through proxy servers. This recommendation also applies to Front Page Extensions installed on Unix platforms.
  • Turn Web server logging on. Logs are essential to determining how a defacement was accomplished so a recurrence can be prevented. Use of the extended log format is recommended.
  • Have a current backup of your Web server. In the event of defacement, a good backup is essential to quickly restore the server to its original status.
  • Apply the latest security patches to your Web server and underlying operating system after appropriate testing.

After the contest was over, the organizers saw that Zone-h.org, the Website designated to keep score of the hackers' progress was brought to its knees by a massive Distributed Denial of Service (DDoS) attack. A classic case of wrong-doers getting taste of their own medicine. This DDoS attack flooded the site with 900 Mbps of sustained traffic. It supposedly came from a group of Brazilian hackers unhappy about the contest.

 
     
- <Back to Top>-  

Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world.
This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.