Welcome to NFE Online, a full Internet Service and Content
Provider
- Secure it like a full Internet Service and
Content Provider would do.
You are welcome to browse our Public Website or you can
Logon to our private Web Site if you have an account.
- Public Web site ? External users can browse
even MORE than only your Public Web Site.
Clients/Visitors of NFE Online, click here to enter the original website.
To
Admin:
I've removed the logs to erase my own presence. I haven't checked your
other directories
nor have i deleted anything from your harddisk. I haven't planted any
backdoors or stolen
any data from your harddisk. My purpose was to warn you and other administrators
who are reading this defacement on any of the hacked archive mirrors,
that their webservers
are potential to some known web-vulnerabilities which can lead to a
hack/defacement. Your
index.htm has been backed up as index.bak. It can be access right
here.
If you need more assistance
into fixing your webserver, then you can contact me at the following
e-mail address : neonlenz@hushmail.com
---------------------------------
The
Grey-Hat
Project:
----------------------------------
A Small
Explanation:
This site was hacked using an "Input
Validation
Attack".
These kinds of attacks are usually executed by receiving input of external
users.
The input are usually given and received via port 80 which is then
executed by an
ASP/CGI/CFML program. Some script (usually samples from a webserver
software) in your public
directory will then progress the input given by the external user.
There are various vulnerabilities
on the web, some of them allow external users to view and download
files where they shouldn't
have access to, some causes webservers to hang and some even allow
external users to give
commands which are going to be executed locally on the remote webserver.
Those are usually
done by spawning a remote shell using the interpreters cmd.exe (NT-lineages)
or command.com (9x-lineages) ).
Update: Input Validation
Attacks are not ONLY limited to NT/9x
running IIS,
Input Validation Attacks can also be found on IRIX (often seen) and other
*nix-based servers running any kind of webserver OS with CGI enabled.
What you
can
do
to
prevent
that:
Very simple, by removing all the unnecessarily samples and subdirectories
like /cgi-bin in your public directory.
If you really have the need to use the
samples or the subdirectories, then you will need to contact your software
vendor for help or just visit your software vendor's website for official
patches.
If you want more info about Computer Security, visit the following resources:
Packetstorm - (Biggest
Security-Archive on the web, very up-to-date, community's favorite)
SecurityFocus - (Home of
Bugtraq, the webmasters are well-known to the security-community)
NT-Security - (Created some
nice NT-tools for you to test, small and compact, a must)
Wiretrip (Good resource for
info about Input Validation Attacks, the webmaster is actually the one
who made it famous)
Technotronic - (Nice Microsoft
Archive, webmaster is the creator of the famous WinFingerPrint)
Alldas (Great all-round security
website, hosting hacked websites, exploits. Are you a German Admin?, check
it)
Darknet (Hosting exploits, which
you can use to test your own server, also the biggest Exploits archive
on the web)
Attrition - (famous website,
Government's and the Security Community's favorite, hosts hacked websites).
None of those websites mentioned are affiliated with me in any
means,
so don't bother them concerning this defacement. Thank you.
P.S. : Sorry for my poor English.
-------------------
SHOUTS TO:
------------------
/ Tribunal / Herbless
/ Fux0r / nexus
/
G-Force Pakistan / Ne[r0
/ electr0n /
/ dislexik / pr|est
/ F0kus / Zyvr
/ Attrition / Alldas
/ Haxordot / u4ia
/ sleight /
/ Cisco / {}
/ Nohican / DarkSky
/ Dutch Hackers / Packetstorm
/ KeyDet89 /
If you want to send me an e-mail send it to neonlenz@hushmail.com
/ Penetrated By Neon-Lenz as a grey-hat project to warn insecure webservers. /