Ubuntuforums thread hacked



ubuntu27
July 9th, 2010, 06:39 PM
Hello all.
I was browsing ubuntuforums.org today and found a thread that, upon opening it, shows a page that proclaims that it got hacked [cracked] by Ahiyane Digital Security Team.

The thread's original title was Lucid open for development (http://ubuntuforums.org/showthread.php?t=1312571) which was automatically posted by Ubuntu's The Fridge (http://fridge.ubuntu.com/)

http://ubuntuforums.org/showthread.php?t=1312571

I have attached a screenshot.

Weird, uh?

98cwitr
July 9th, 2010, 06:40 PM
pwn3d

FuturePilot
July 9th, 2010, 06:45 PM
Hacked indeed. It's that second post that was posted recently; it somehow inserted some javascript.

cariboo
July 9th, 2010, 06:47 PM
You should click the report abuse button instead of creating a thread.

Excedio
July 9th, 2010, 06:47 PM
Have you reported it yet?

McRat
July 9th, 2010, 06:47 PM
They exploited a hole in vBulletin.

You would hope if they are truly a "security" club, they already notified vBulletin.

Excedio
July 9th, 2010, 06:48 PM
You should click the report abuse button instead of creating a thread.

Can't click Report Abuse if there is not a button there to click.

FuturePilot
July 9th, 2010, 06:49 PM
Can't click Report Abuse if there is not a button there to click.

There is if you use Noscript ;)
Anyways, reported.

frt975
July 9th, 2010, 06:51 PM
I did a little research and

2. Ashiyane Digital Security Team
Another of the more well known Iranian hacking teams is the Ashiyane Digital Security Team. According to Zone-H, the Ashiyane DST is accredited with 3,007 attacks of which 396 were single IP attacks and 2611 were mass defacements. [Zone 05] Their website is included below. A simple Google search of the team name yields numerous web sites that have been hacked by the Ashiyane DST. Like the IHS, this team’s principal motivation is to sell its security consultation, web hosting, and network consulting services. There was also some evidence of this team having used political motivations to hack. A defacement of a National Aeronautics and Space Administration (NASA) website below also questioned the United States’ Middle East foreign policy. Other attacks by Ashiyane were simply used to put their name with links to their website on the world-wide web. According to their website, the Ashiyane DST appears to be fairly well organized. They have several teams including management, training, defacement, and software programming teams. There were biographies listed for 15 members of the team. The team leader is Behrooz Kamalyan who goes by the nickname Behrooz_Ice. The team members’ ages ranged from 16 to 28. The members of this group had a wide variety of computer related skills. Most of the team members boast experience in the major operating systems such as Windows, UNIX, Cisco IOS, and LINUX. Many of them had programming experience in languages such as C, C++, VC++, Delphi, and Perl. All of them claimed some sort of hacking capabilities to include firewall penetration, social engineering, php database hacking, operating system penetration, shareware cracking, and decoding program executables. Several of these members conducted classroom training for a fee on topics such as basic, advanced, and professional levels of hacking, hacking tools, and a list of other programming languages, operating systems, and professional certifications. These classes were taught in an audio/visual classroom at a vocational school in Tehran. The cost of hacking training varied by the level of instruction; the basic course cost approximately $200.00 for 40 hours of instruction while the professional level course cost approximately $355.00 for the same amount of instruction time. The Ashiyane DST appears to be a very active and well structured organization for hacking in Iran. Its members have a vast amount of technical knowledge and experience that could be used to develop a government sponsored CNA/E capability.

from http://forums.islamicawakening.com/f18/iranian-hacking-groups-24288/

Excedio
July 9th, 2010, 06:52 PM
There is if you use Noscript ;)
Anyways, reported.

AHA! I'm at work at the moment so I'm currently running IE7.

fatality_uk
July 9th, 2010, 06:54 PM
It's a simple div script, not really hacking!

frt975
July 9th, 2010, 06:59 PM
it went away before i could get a screenshot :(

Excedio
July 9th, 2010, 07:03 PM
it went away before i could get a screenshot :(

There is one in the first post.

ubuntu27
July 9th, 2010, 07:18 PM
You should click the report abuse button instead of creating a thread.

The thread in question does not show any controls [e.g. no report button], so I could not report it.

koenn
July 9th, 2010, 07:24 PM
It's a simple div script, not really hacking!
I agree with the "not really hacking".

otoh, afaics it appears possible to create a post that calls an external script that gets executed on the client. that external javascript can be pretty much anything - in this case it does just an overlay on the page in question to show their "hacked by" msg, but it could have been any action a browser is capable of.
This is not a good thing. It's not OK for a web site to allow this.

McRat
July 9th, 2010, 07:27 PM
Somebody left the HTML permissions on.

McRat
July 9th, 2010, 08:00 PM
Here's the issue. Being able to post HTML is very handy when you want to put out announcements that were written in HTML format.

However, you need to control who can post HTML, and 3.x vBulletin doesn't restrict HTML permissions by usergroup, but by forums instead.

So you need to turn off Registered User posting permissions for that forum. Only allow Admin, SuperMod, and Mod to post there.

koenn
July 9th, 2010, 08:28 PM
However, you need to control who can post HTML, and 3.x vBulletin doesn't restrict HTML permissions by usergroup, but by forums instead.

or limit html to a subset of tags, and not include script tags ?
(I don't know if vbulletin can do that, but it used to be the recommended practice for sites that allow user input, like the website guest books of the nineties)
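
The tag-subset idea in the post above, as an added example that is not part of the thread and is not vBulletin code: everything is HTML-encoded by default and only a fixed set of attribute-free tags, plus http(s) links, is re-emitted. The tag list and the names `renderPost` and `safeHref` are assumptions made for illustration.

```javascript
// Added example: escape-by-default rendering with a small tag allowlist.
// Tag set and function names are assumptions, not vBulletin settings.
const ALLOWED = new Set(["b", "i", "u", "em", "strong", "p", "ul", "ol", "li", "blockquote", "pre", "code"]);
const VOID = new Set(["br"]);
const ENT = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const esc = (s) => s.replace(/[&<>"']/g, (c) => ENT[c]);

// Only absolute http(s) links survive; javascript:, data: and relative URLs are refused.
function safeHref(attrs) {
  const m = /^\s+href\s*=\s*"([^"]*)"\s*$/i.exec(attrs);
  if (!m) return null;
  try {
    const u = new URL(m[1]);
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch (e) {
    return null;
  }
}

function renderPost(input) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^<>]*?)\/?>/g;
  const open = [];                 // tags we emitted and still have to close
  let out = "", last = 0, m;
  while ((m = tagRe.exec(input)) !== null) {
    out += esc(input.slice(last, m.index));   // text between tags is always encoded
    last = tagRe.lastIndex;
    const [raw, slash, nameRaw, attrs] = m;
    const name = nameRaw.toLowerCase();
    const bare = attrs.trim() === "";          // true when the tag carries no attributes
    if (slash) {
      // A closing tag is emitted only if it matches the innermost open tag.
      if (bare && open[open.length - 1] === name) { open.pop(); out += `</${name}>`; }
      else out += esc(raw);
    } else if (VOID.has(name) && bare) {
      out += `<${name}>`;
    } else if (ALLOWED.has(name) && bare) {
      open.push(name); out += `<${name}>`;
    } else if (name === "a" && safeHref(attrs)) {
      open.push("a"); out += `<a href="${esc(safeHref(attrs))}" rel="nofollow noopener">`;
    } else {
      out += esc(raw);   // script, img, iframe, or any tag with attributes: shown as text
    }
  }
  out += esc(input.slice(last));
  while (open.length) out += `</${open.pop()}>`;   // close anything left open
  return out;
}
```

Because the output is built only from tags this function writes itself, a script tag or an event-handler attribute in a post is displayed as literal text instead of reaching the browser's parser.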

schauerlich
July 9th, 2010, 08:30 PM
Hackers on steroids!

fatality_uk
July 9th, 2010, 08:56 PM
Script Kiddies. No more, no less.

dragos240
July 9th, 2010, 08:58 PM
Hackers on steroids!

Anonymous?

earthpigg
July 9th, 2010, 09:14 PM
Hackers on steroids!

Anonymous?

>implying that /b/ is more organized and smarter than an unruly mob
>myface.jpg

dragos240
July 9th, 2010, 09:22 PM
>implying that /b/ is more organized and smarter than an unruly mob
>myface.jpg

http://www.youtube.com/watch?v=DNO6G4ApJQY

earthpigg
July 9th, 2010, 09:27 PM
(link to fox news pouring gasoline on the minor spark)

i like the one where oprah is trolled. what oprah says on daytime television is not appropriate for this forum, but im sure you can find it.

her advocacy of "giving law enforcement the resources they need", another way of saying abolish net neutrality, is also interesting. we are at risk of being trolled & pranked into creating a Police State.

ov3rcl0ck
July 9th, 2010, 09:47 PM
If they injected jscript then it sounds more like a vB misconfiguration on the admin's part.

as McRat said

However, you need to control who can post HTML, and 3.x vBulletin doesn't restrict HTML permissions by usergroup, but by forums instead.

They're a bunch of Yahoo chat kids. Some group of 1337 hax0rs, they're a bunch of teens from Iran that like snoop dog.

The attack was pretty simple, and it was not anonymous, because honestly, anonymous is just something a bunch of kids call themselves when they deface a website. And the attack was obviously from Iran, seeing as they left the message "We love Iran".

koenn
July 9th, 2010, 10:14 PM
javascript, not jscript.

and the actual "attack" was a script hosted on a server with an ip address belonging to an ISP in Houston, Texas.
anyone can write "we love Iran", it's not really limited to people who actually live in Iran.

mystmaiden
July 10th, 2010, 06:20 PM
If their point is truly to drum up security business, why on earth would anyone actually Hire someone who defaces other people's sites whether it was with a script or an actual hack...lol

McRat
July 10th, 2010, 06:32 PM
Here's what the package was:


var title = "H4cKeD By Ahiyane Digital Security Team";
var bgcolor = "#000000";
var image_url = "http://anti206.persiangig.com/defaceash.JPG";
var text = "Defaced By Ashiyane Digital Security Team";
var font_color = "#FF0000";

deface(title, bgcolor, image_url, text, font_color);

function deface(pageTitle, bgColor, imageUrl, pageText, fontColor) {
    document.title = pageTitle;
    document.body.innerHTML = '';
    document.bgColor = bgColor;
    var overLay = document.createElement("div");
    overLay.style.textAlign = 'center';
    document.body.appendChild(overLay);
    var txt = document.createElement("p");
    txt.style.font = 'normal normal bold 36px Verdana';
    txt.style.color = fontColor;
    txt.innerHTML = pageText;
    overLay.appendChild(txt);

    if (image_url != "") {
        var newImg = document.createElement("img");
        newImg.setAttribute("border", '0');
        newImg.setAttribute("src", imageUrl);
        overLay.appendChild(newImg);
    }

    var footer = document.createElement("p");
    footer.style.font = 'italic normal normal 12px Arial';
    footer.style.color = '#DDDDDD';
    footer.innerHTML = title;
    overLay.appendChild(footer);
}

fatality_uk
July 10th, 2010, 06:38 PM
Sorry I thought you just posted something else!

tgalati4
July 10th, 2010, 08:53 PM
All your base belongs to Ashiyane.

RJARRRPCGP
July 10th, 2010, 09:37 PM
They exploited a hole in vBulletin.

You would hope if they are truly a "security" club, they already notified vBulletin.

Just like a cracker exploited a phpBB message board, at mixsig.net/nexus in 2007!

But unfortunately, for me:

vBulletin=The Microsoft of message boards.

----------------------------

And:

phpBB=The Debian of message boards.

dragos240
July 10th, 2010, 09:41 PM
The message is removed. Why are we still talking about it? The problem is now resolved.

RJARRRPCGP
July 10th, 2010, 09:42 PM
Somebody left the HTML permissions on.

That's not what it looks like here:


HTML code is Off

McRat
July 10th, 2010, 09:47 PM
Go into The Fridge Forum.

Click on any thread.

Look in the lower left (my other right) for permissions.

sudoer541
July 10th, 2010, 09:53 PM
Gotta blame the mods and the admins for not doing their job (monitoring and securing the forums:o)

Really disappointed at-ya!!!:(

McRat
July 10th, 2010, 09:57 PM
Eh...

This is really common. A lot of crap isn't seen by the Users.

Allowing HTML is very helpful, but it is very hard to secure against vandalism.

It's not right or wrong to allow it. It's just a big risk.