To
Admin:
I've removed the logs to erase my own presence. I haven't checked your
other directories
nor have i deleted anything from your harddisk. I haven't planted any
backdoors or stolen
any data from your harddisk. My purpose was to warn you and other potential
administrators
who are reading this defacement on any of the hacked archive mirrors
that their webservers
are potential to some known web-vulnerabilities which can lead to a
hack/defacement. Your
default.htm has been backed up as default.bak. It can be access right
here. If you need more
assistance
into fixing your webserver, then you can contact me at the following
e-mail address : neonlenz@hushmail.com
A Grey-Hat
Contribution this time:
----------------------------------------------
A small
explanation:
This site was hacked using an "Input
Validation Attack".
These kinds of attacks are usually executed by receiving input of external
users.
The input are usually given and received via port 80 which is then
executed by an
ASP/CGI program. Some script (usually samples from a webserver
software) in your public
directory will then progress the input given by the external user.
There are various vulnerabilities
on the web, some of them allow external users to view and download
files where they shouldn't
have access to, some causes webservers to hang and some even allow
external users to give
commands which are going to be executed locally on the remote webserver.
(Able to spawn a C:\)
What you
can do to
prevent that:
Very simple, by removing all the unnecessarily samples and subdirectories
like /cgi-bin in your public directory. If you really have the need
to use the
samples or the subdirectories, then you will need to contact your software
vendor for help or just visit your software vendor's website for official
patches.
P.S. : Sorry for my poor English.
-------------------
SHOUTS TO:
------------------
/ Tribunal / Herbless / Fux0r / nexus /
G-Force Pakistan / Ne[r0 / electr0n /
/ dislexik / pr|est / F0kus / Zyvr / Attrition
/ Alldas / Haxordot / u4ia / sleight /
/ Cisco / {} / Nohican / DarkSky / Dutch
Hackers / Packetstorm / KeyDet89 /
If you want to send me an e-mail send it to neonlenz@hushmail.com
Penetrated By Neon-Lenz as a grey-hat project to warn insecure webservers.