Heike Svensson
2011-07-31 17:50:57 UTC
A website I frequent was defaced at around 10:30 this morning. All of
the pages were blanked and replaced by cryptic nonsense.
All attempts to contact the site operators have failed. Obviously the
feedback form on the site's unavailable. But making matters worse I get
what I presume are user unknown errors (it says "<***@domain>:
invalid address (state 14)", to be precise) for ***@domain,
***@domain, ***@domain, ***@domain, and ***@domain,
which pretty much exhausts the likely technical contact email addresses.
Is there any other likely way of alerting the operators of the site to
the hack so they can undo it? They aren't discovering the problem on
their own, as evidenced by it still being defaced a full three hours
later -- it doesn't take that long to restore the nightly backup and
reboot a server.
I fear that the hackers didn't just get into the webserver through a
phpBB vulnerability, but also got at the mail server and disabled all
the email accounts to prevent alerts like mine from getting through. I'd
need to know if there's a way to discover other usable email addresses,
not at the domain in question and handled by a different MX, via whois
type tools.
Alternatively, if the hack didn't set off some kind of automatic alarms
and wake up the site's admin, what might do so instead? Something that a
random user can do, after the hack. A DoS attack? I'd prefer something
less drastic though, for obvious reasons.
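For the "other usable email addresses, handled by a different MX" part of the question, here is an added example (my own code, not something from the poster or the site in question). It assumes constructed sample data for a hypothetical domain defaced.example standing in for what `dig +short SOA defaced.example` and `whois defaced.example` would return; the script does no network lookups itself. It converts the SOA RNAME field into a mailbox address (RFC 1035: the first unescaped dot becomes "@", a backslash-escaped dot is a literal dot in the local part), scrapes every address out of the whois text, and then separates addresses hosted at the compromised domain from those hosted elsewhere, since the on-domain ones may bounce or be read by the intruder.

```python
import re

# Constructed sample data for the hypothetical domain defaced.example.
# SAMPLE_SOA_RNAME stands in for the RNAME field of `dig +short SOA defaced.example`;
# SAMPLE_WHOIS stands in for the output of `whois defaced.example`.
SAMPLE_SOA_RNAME = "hostmaster.defaced.example."
SAMPLE_WHOIS = """\
Domain Name: DEFACED.EXAMPLE
Registrar Abuse Contact Email: abuse@registrar.example
Registrant Email: owner@personal-mail.example
Admin Email: admin@defaced.example
Tech Email: noc@hosting-provider.example
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def soa_rname_to_email(rname):
    """Turn an SOA RNAME into a mailbox address (RFC 1035 section 3.3.13).

    The first unescaped '.' separates the local part from the domain;
    a backslash-escaped dot ("\\.") is a literal dot in the local part.
    A trailing root dot is dropped. A name with no dot at all is returned
    unchanged, since it cannot be turned into a mailbox.
    """
    rname = rname.rstrip(".")
    local = []
    i = 0
    while i < len(rname):
        ch = rname[i]
        if ch == "\\" and i + 1 < len(rname):
            local.append(rname[i + 1])   # escaped character, keep literally
            i += 2
            continue
        if ch == ".":
            return "".join(local) + "@" + rname[i + 1:]
        local.append(ch)
        i += 1
    return "".join(local)


def extract_emails(text):
    """All distinct addresses in a whois record, lower-cased."""
    return {m.lower() for m in EMAIL_RE.findall(text)}


def mail_domain(addr):
    return addr.rsplit("@", 1)[1].lower()


def is_same_or_subdomain(domain, base):
    domain = domain.lower().rstrip(".")
    base = base.lower().rstrip(".")
    return domain == base or domain.endswith("." + base)


def rank_contacts(compromised_domain, soa_rname, whois_text):
    """Return (off_domain, on_domain), each a sorted list of addresses.

    Off-domain addresses are the ones worth trying first: their mail is
    delivered by some other organisation's MX, so a compromised mail
    server at the defaced domain can neither bounce nor intercept them.
    """
    candidates = extract_emails(whois_text)
    candidates.add(soa_rname_to_email(soa_rname).lower())
    off = sorted(a for a in candidates
                 if not is_same_or_subdomain(mail_domain(a), compromised_domain))
    on = sorted(a for a in candidates
                if is_same_or_subdomain(mail_domain(a), compromised_domain))
    return off, on


if __name__ == "__main__":
    off, on = rank_contacts("defaced.example", SAMPLE_SOA_RNAME, SAMPLE_WHOIS)
    print("try first (hosted elsewhere):", *off, sep="\n  ")
    print("may bounce or be read by the intruder:", *on, sep="\n  ")
```

To run this against a real domain, paste the RNAME from `dig +short SOA <domain>` and the text of `whois <domain>` into the two sample variables. Two caveats: registrars increasingly redact registrant addresses, so the whois record may only yield the registrar's abuse mailbox; and the hosting provider's abuse contact lives in the IP address's whois/RDAP record (`whois <ip>`), not the domain's, so it is worth querying both.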