Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

ubuntuforums.org timing out as of now but are we sure this is a malicious attack and not simply downtime?

If it is an attack, it just means a time bandit for the admins I suppose...



Screenshot: http://i.imgur.com/15u3X7V.png

HTML source: http://pastebin.com/raw.php?i=7JXk5s1F


That's awfully well laid out for a defacement page.


Elegant, minimalist, nice logo, nice typography. If I get owned, I want it to be by these guys.


Thanks to grandparent for posting. For a split second, I considered setting this as wallpaper on my laptop.

Then I remembered how much work this kind of prank generates for the system administrators.


It's finally happened, the penguins are fed up with the Linux caricatures.


I didn't take a screenshot, but I can confirm there was a message. Viewing my browser history, it apparently linked to this page: http://ubuntuforums.org/signaturepics/Sput.html

The top was a splash image that linked to this twitter account: https://twitter.com/Sputn1k_

Below was some text (scraped from Chrome's history database):

    Shoutout to @rootinabox.

    None of this "y3w g0t haxd by albani4 c3bir 4rmy" stuff.
    Straight up, you dun goofed. It's as simple as that.
@rootinabox linked to this page: http://wedtm.com/blog/2013/07/11/cubeworldforum-dot-org/


A few weeks back cubeworldforum.org was hacked (the forum referenced in that blog post) due to an administrator having their password compromised. The hacker replaced the index with a page with music and what not. From @Sputn1k on twitter it looks like he's the guy that hacked cubeworldforum.org too[1], so the wedtm.com link that @rootinabox went to is probably him just copying HTML he used last time and forgetting to correct the href.

[1] https://twitter.com/Sputn1k_/status/354362220727111681


God damnit, script kiddies like this really piss me off. I hope that Twitter has some sort of IP logging for logins so that they can at least start to attempt to catch this guy. He broke the law, and he should be charged as such.


I've been amused more than anything at the number of script kiddies that take to twitter to brag about their activities. They're painting a big fat target on the backs of their heads, convinced that they will never slip up and leak packets. Granted, if they truly are careful they won't get caught --at least not because of their twitter bragging. It just seems like an absolutely pointless risk to be taking.


I see this response in reference to how he may have done it:

---

@Sputn1k_ @CubeWorldForum It's a fairly easy "hack". You set your forum avatar to a remote site that actually serves up a meta redirect.

---


You set your forum avatar to a remote site that actually serves up a meta redirect.

That's... interesting. Like a php-generated image containing a redirect header, or a referrer check set up in .htaccess? I didn't know images were hackable like that, beyond just sending an alternative image for nonexistent referrers?

If anyone needed a good argument against blindly hotlinking to other sites' content I guess this would be it.


Can't access the site either, but I've just found this post on Google+ https://plus.google.com/103751102959761372959/posts/We8fexT5...


It was hacked, and Canonical IS cut it off from the outside to diagnose the issue.


Yes, aren't the forums run by a user named "Ubuntugeek" or something of the sort?


No. The forums are run by a community team of admins. The underlying infrastructure is managed by Canonical IS.


Could be a new kind of meta-ddos. Announce a site has been hacked on Reddit/HN, and the news about the hack becomes the hack. :D




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: