I hope I'm not the only one who thinks that this is taking things too far. Compromising his server is one thing, compromising his health and delving into his personal life and exposing the details of others who have no relation to this little vendetta is another. Personally, I hope whoever is responsible gets caught.
Yeah I was coming to post the same thing. I "kind of" feel bad for this guy. Granted he might not be the most ethical of people, this might be going a little over the line. I wish I knew some back story as to why they are going after him other than just the fact that they run a crappy site (astalavista.com).
It might be because he has a script to mirror milw0rm - line 1387 states "If you by any means mirror milw0rm / exploits, you are a target and you _will_ be rm'd. only a matter of time."
Maybe not the primary reason, but probably a contributing one.
Seems like people are discovering "hacklogs"; they're published in scene zines and are mostly harmful. The only reason to read them is for schadenfreude; it's usually one hacker taking out another, I don't think the misfortunes of civilians are logged.
For a glimpse into this, and for the most entertaining hacker interview ever conducted, I invite you all to read the phrack interview with The Unix Terrorist:
i mentioned it in the other thread, but i read them to see what other people are doing wrong in order to remind myself of what i need to do to do things right.
Hard to believe that. If you can grok the logs you probably know how and why the hack works. Plus they're not too informative, for example, few of them show the version of an application under attack, and a good chunk of the time you will see a line like:
~ $./domagic
~ #
Where `domagic` is published script.
There are good texts to read for security, and imo, lamer logs are not exactly at the top of that list. Read the public disclosures, advisories, PoC code; not the private gloating of hackers :-)
Let's not split hairs here. Of course you learn something from them, but be honest, aren't you smiling the whole time you read them? They're hacker tabloids; our version of seeing an actor in their fat, pale naked beach body.
I can't believe anybody would take a marker to a lamer log and "dive into it" looking for Knowledge(TM).
i don't take a marker to anything i find on HN, yet i still participate in the community and read the submissions in an effort to look for Knowledge(TM).
While it sucks for the people involved, these posts just got me to go verify that all my sites have backups set up, and that the backups cannot be deleted via ftp.
The best way to prevent against that is not having your production boxes copy backups elsewhere, but rather have other boxes, if possible ones that are unreachable from the outside, fetch the backup. The most secure backup machine exposes no services and only fetches backups. No one will detect the box and no one will detect where the backups are stored, unless they wait around on your box for the backups to be fetched. Even then, what are they going to do? A box that only allows outbound connections is very hard to hack.
The good part - we get a view of what one does when one gets into your box, this is good enough to build defense/alert systems against such activities...
There is not much to learn: 99% of the hacklog is looking around (ls, cat, mysql show tables ...), 1% is rm'ing and dropping database. Interesting things like vulnerabilities, exploit methods were done by some appear-out-of-thin-air magic scripts.
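Added example, not part of the thread: the two comments above describe a session that is mostly enumeration (`ls`, `cat`, `show tables`) followed by a few destructive commands, so an alert on the enumeration burst fires before the `rm` or `DROP`. The log format, session ids, command patterns and thresholds below are assumptions made for this sketch.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <session id> <command>" (assumed format).
SAMPLE_LOG = """\
2024-01-01T03:10:00 s1 ls -la /var/www
2024-01-01T03:10:20 s1 cat /etc/passwd
2024-01-01T03:10:45 s1 mysql -e "show tables"
2024-01-01T03:11:05 s1 cat /var/www/config.php
2024-01-01T03:11:30 s1 ls /home
2024-01-01T03:14:00 s1 mysql -e "DROP DATABASE forum"
2024-01-01T03:14:10 s1 rm -rf /var/www
2024-01-01T09:00:00 s2 ls
2024-01-01T09:30:00 s2 rm -rf /tmp/build
"""

# "Looking around" commands and the destructive tail (illustrative patterns).
RECON = re.compile(r"^\s*(ls|cat|id|uname|ps|find|whoami)\b|show\s+(tables|databases)", re.I)
DESTRUCTIVE = re.compile(r"\brm\s+-\w*r\w*\b|drop\s+(database|table)\b", re.I)

def detect(log_text, window=timedelta(minutes=5), burst=4):
    """Return (severity, session, command) alerts in log order."""
    recent = {}     # session -> timestamps of recon commands inside the window
    warned = set()  # sessions that already raised a recon-burst alert
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, session, cmd = line.split(" ", 2)
        ts = datetime.fromisoformat(ts_raw)
        q = recent.setdefault(session, deque())
        while q and ts - q[0] > window:   # drop recon events older than the window
            q.popleft()
        if DESTRUCTIVE.search(cmd):
            # Destruction right after a recon burst matches the pattern described above.
            alerts.append(("critical" if len(q) >= burst else "review", session, cmd))
        elif RECON.search(cmd):
            q.append(ts)
            if len(q) >= burst and session not in warned:
                warned.add(session)
                alerts.append(("recon-burst", session, cmd))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed sample the burst alert fires at the fourth enumeration command, almost three minutes before the first destructive one, while the lone recursive delete in session `s2` is only flagged for review.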