[Infowarrior] - Hundreds of Netsol Sites Hacked

[Richard Forno]

(c/o anonymous)

Hundreds of Network Solutions Sites Hacked
<http://www.krebsonsecurity.com/wp-content/uploads/2010/01/netsoldeface.jpg 
 >
Web site domain registrar and hosting provider Network Solutions
acknowledged Tuesday that hackers had broken into its servers and  
defaced
hundreds of customer Web sites.

The hackers appear to have replaced each site’s home page with anti- 
Israeli
sentiments and pictures of masked militants and armed with rocket  
launchers
and rifles, along with the message “HaCKed by CWkomando.”

According to results
<http://www.bing.com/search?q=cwkomando&amp;first=61&amp;FORM=PORE>  
for that
search term entered into Microsoft’s Bing search engine, there may in  
fact
be thousands of sites affected by this mass defacement.

One of the defaced pages belonged to Minnesota’s 8th District GOP,  
according
to a story
<http://minnesotaindependent.com/53933/eighth-district-gop-website-hit-by-an
ti-israel-hackers>  in The Minnesota Independent, which said the Arabic
writing that accompanies the defaced pages contains the dedication “For
Palestine,” and the repeated phrase “Allahu Akbar” [God is great].

Network Solutions said
<http://blog.networksolutions.com/2010/update-web-site-defacement- 
issue/>
the hackers were able to get in by exploiting a “file-inclusion”  
weakness in
the company’s Unix servers. So-called remote file inclusion
<http://en.wikipedia.org/wiki/Remote_File_Inclusion> attacks are quite
common, and can let attackers insert code that gives them backdoor  
access to
and control over the affected server. Network Solutions said it is in  
the
process of helping customers restore their sites.

“These incidents are regrettable and we apologize for the  
inconvenience,”
the company said in its statement.  “Due to the nature of the web, the  
race
between technology and the bad elements is a challenge that companies  
face
continually.”

Network Solutions said there was no danger to customers’ “personally
identifiable or secure information” as a result of the incident. Other
recent break-ins at NetSol have not been so benign: Last summer, hackers
broke into a number of Network Solutions Web servers and planted rogue  
code
that resulted in the compromise of more than 573,000 debit and credit  
card
accounts
<http://voices.washingtonpost.com/securityfix/2009/07/network_solutions_hack
_comprom.html> .

Let this be a helpful reminder to all of us who run a Web site that no
matter how much you have done to lock down your Web site, a hiccup,  
server
crash or break-in at your hosting provider can deep-six your site in a
heartbeat. If you don’t already know how to do so, take some time  
before it
is too late to learn how to backup and restore your site (look for a  
future
blog post for a primer or two on this very topic).