Velocity Reviews - Computer Hardware Reviews

NZ domainz got hacked?

 
 
Dave Doe
Guest
Posts: n/a
 
      05-15-2009
In article <(E-Mail Removed)>, (E-Mail Removed)
says...
> Dave Doe wrote:
> > In article <(E-Mail Removed)>, (E-Mail Removed)
> > says...
> >> Dave Doe wrote:
> >>> In article <(E-Mail Removed)> ,
> >>> (E-Mail Removed) says...
> >>>> In article <4a0b379a$(E-Mail Removed)>,
> >>>> (E-Mail Removed) says...
> >>>>> Dave Doe wrote:
> >>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
> >>>>>> @y10g2000prc.googlegroups.com>, (E-Mail Removed)
> >>>>>> says...
> >>>>>>> I seem to recall a while back that someone commented
> >>>>>>> about being unable to access Domainz....now I get a email
> >>>>>>> off them saying they have changed my password....after a
> >>>>>>> "security review"...
> >>>>>>>
> >>>>>>> yeah right.....
> >>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
> >>>>>> servers - just simple SQL injection IIRC, got the DNS
> >>>>>> records for several "big" NZ sites (not just msn) and
> >>>>>> redirected them.
> >>>>>>
> >>>>> DomainZ runs Windows servers. Front end is IIS 6.0
> >>>> They didn't hack those. They hacked the DNS servers, IIRC.
> >>> Here's some more info for yer...
> >>>
> >>> http://www.zone-h.org/news/id/4708
> >>>
> >>> Looks like they hacked cpanel or somethin.
> >>>
> >> Yeah, the DNS servers themselves were not hacked from that
> >> description. "SQL Injection" smells of MS SQL Server.

> >
> > ??? - how do you work that one out.
> >

> Most SQL Injection attacks are against MS SQL server.
>
> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
> gives 948,000 hits.


I still don't get it. This is a SQL injection attack on Linux -
statistics doesn't change that.

In fact, what do your stats have to do with anything related to the
post?

Would you like some more links re the hack?

--
Duncan
 
 
 
 
 
Enkidu
Guest
Posts: n/a
 
      05-15-2009
Dave Doe wrote:
> In article <(E-Mail Removed)>, (E-Mail Removed)
> says...
>> Dave Doe wrote:
>>> In article <(E-Mail Removed)>, (E-Mail Removed)
>>> says...
>>>> Dave Doe wrote:
>>>>> In article <(E-Mail Removed)> ,
>>>>> (E-Mail Removed) says...
>>>>>> In article <4a0b379a$(E-Mail Removed)>,
>>>>>> (E-Mail Removed) says...
>>>>>>> Dave Doe wrote:
>>>>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
>>>>>>>> @y10g2000prc.googlegroups.com>, (E-Mail Removed)
>>>>>>>> says...
>>>>>>>>> I seem to recall a while back that someone commented
>>>>>>>>> about being unable to access Domainz....now I get a email
>>>>>>>>> off them saying they have changed my password....after a
>>>>>>>>> "security review"...
>>>>>>>>>
>>>>>>>>> yeah right.....
>>>>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
>>>>>>>> servers - just simple SQL injection IIRC, got the DNS
>>>>>>>> records for several "big" NZ sites (not just msn) and
>>>>>>>> redirected them.
>>>>>>>>
>>>>>>> DomainZ runs Windows servers. Front end is IIS 6.0
>>>>>> They didn't hack those. They hacked the DNS servers, IIRC.
>>>>> Here's some more info for yer...
>>>>>
>>>>> http://www.zone-h.org/news/id/4708
>>>>>
>>>>> Looks like they hacked cpanel or somethin.
>>>>>
>>>> Yeah, the DNS servers themselves were not hacked from that
>>>> description. "SQL Injection" smells of MS SQL Server.
>>> ??? - how do you work that one out.
>>>

>> Most SQL Injection attacks are against MS SQL server.
>>
>> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
>> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
>> gives 948,000 hits.

>
> I still don't get it. This is a SQL injection attack on Linux -
> statistics doesn't change that.
>

Why do you think it is on Linux?

Cheers,

Cliff

--

The Internet is interesting in that although the nicknames may change,
the same old personalities show through.
 
 
 
 
 
AD.
Guest
Posts: n/a
 
      05-15-2009
On May 15, 5:47 pm, Enkidu <(E-Mail Removed)> wrote:
> Most SQL Injection attacks are against MS SQL server.
>
> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
> gives 948,000 hits.


Not really relevant - SQL injection attacks aren't attacks exploiting
a DB server problem, they are attacks against the application using
the DB. It is a measure of the application or the framework it is
built on rather than the DB itself.

--
Cheers
Anton
 
 
Enkidu
Guest
Posts: n/a
 
      05-15-2009
AD. wrote:
> On May 15, 5:47 pm, Enkidu <(E-Mail Removed)> wrote:
>> Most SQL Injection attacks are against MS SQL server.
>>
>> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
>> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL
>> Injection" gives 948,000 hits.

>
> Not really relevant - SQL injection attacks aren't attacks exploiting
> a DB server problem, they are attacks against the application using
> the DB. It is a measure of the application or the framework it is
> built on rather than the DB itself.
>

Sure SQL Injection is a user input sanitization problem, but if the
attacker can get away with it, he/she will need to code his attack
correctly depending on the back end database. MS provide URLScan which
can help prevent attacks, but that is merely trying to patch over the
cracks. The programmer needs to sanitize the user input.

Where was I? Oh, yeah, regardless of the above, specific databases are
vulnerable in specific ways
(see http://www.linux.com/archive/feature/54584 for a PostgreSQL
example) and MS SQL server *appears* to be more vulnerable than most.

Cheers,

Cliff

--

The Internet is interesting in that although the nicknames may change,
the same old personalities show through.
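
Added example, not part of the original thread: the point made in the two posts above, that SQL injection is a flaw in how the application builds its queries rather than in a particular database server, shown on a hypothetical control-panel table. The `zones` schema, the function names and all sample values are assumptions constructed for illustration; SQLite stands in for the backend only so the code runs offline, and the fix shown is bound parameters.

```python
import sqlite3

def make_db():
    """Constructed sample data for a hypothetical registrar control panel."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE zones (owner TEXT, domain TEXT, nameserver TEXT)")
    db.executemany("INSERT INTO zones VALUES (?, ?, ?)", [
        ("alice", "alice.example", "ns1.registrar.example"),
        ("bob", "bob.example", "ns1.registrar.example"),
    ])
    return db

def set_ns_concat(db, owner, domain, ns):
    """Flawed: form fields are pasted into the SQL text, so a quote
    character in a field changes the statement the database parses."""
    sql = ("UPDATE zones SET nameserver = '" + ns + "' "
           "WHERE owner = '" + owner + "' AND domain = '" + domain + "'")
    return db.execute(sql).rowcount

def set_ns_bound(db, owner, domain, ns):
    """Fixed: the statement text is constant and the values travel as
    bound parameters, so they are only ever compared as data."""
    sql = "UPDATE zones SET nameserver = ? WHERE owner = ? AND domain = ?"
    return db.execute(sql, (ns, owner, domain)).rowcount

def nameservers(db):
    """Return {domain: nameserver} for every row in the table."""
    return dict(db.execute("SELECT domain, nameserver FROM zones"))

def demo():
    """Run the same constructed field value through both code paths."""
    # Constructed input: a domain field carrying a quote and a boolean clause.
    field = "alice.example' OR '1'='1"
    new_ns = "ns.other.example"

    db = make_db()
    changed_concat = set_ns_concat(db, "alice", field, new_ns)
    after_concat = nameservers(db)

    db = make_db()
    changed_bound = set_ns_bound(db, "alice", field, new_ns)
    after_bound = nameservers(db)
    return changed_concat, after_concat, changed_bound, after_bound

if __name__ == "__main__":
    c_rows, c_state, b_rows, b_state = demo()
    print("concatenated query changed", c_rows, "rows:", c_state)
    print("bound-parameter query changed", b_rows, "rows:", b_state)
```

The concatenated version rewrites rows belonging to another owner; the bound version matches nothing because no domain has that literal name. The same difference holds whichever database engine sits behind the application.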
 
 
Dave Doe
Guest
Posts: n/a
 
      05-17-2009
In article <4a0d34d9$(E-Mail Removed)>, (E-Mail Removed)
says...
> Dave Doe wrote:
> > In article <(E-Mail Removed)>, (E-Mail Removed)
> > says...
> >> Dave Doe wrote:
> >>> In article <(E-Mail Removed)>, (E-Mail Removed)
> >>> says...
> >>>> Dave Doe wrote:
> >>>>> In article <(E-Mail Removed)> ,
> >>>>> (E-Mail Removed) says...
> >>>>>> In article <4a0b379a$(E-Mail Removed)>,
> >>>>>> (E-Mail Removed) says...
> >>>>>>> Dave Doe wrote:
> >>>>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
> >>>>>>>> @y10g2000prc.googlegroups.com>, (E-Mail Removed)
> >>>>>>>> says...
> >>>>>>>>> I seem to recall a while back that someone commented
> >>>>>>>>> about being unable to access Domainz....now I get a email
> >>>>>>>>> off them saying they have changed my password....after a
> >>>>>>>>> "security review"...
> >>>>>>>>>
> >>>>>>>>> yeah right.....
> >>>>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
> >>>>>>>> servers - just simple SQL injection IIRC, got the DNS
> >>>>>>>> records for several "big" NZ sites (not just msn) and
> >>>>>>>> redirected them.
> >>>>>>>>
> >>>>>>> DomainZ runs Windows servers. Front end is IIS 6.0
> >>>>>> They didn't hack those. They hacked the DNS servers, IIRC.
> >>>>> Here's some more info for yer...
> >>>>>
> >>>>> http://www.zone-h.org/news/id/4708
> >>>>>
> >>>>> Looks like they hacked cpanel or somethin.
> >>>>>
> >>>> Yeah, the DNS servers themselves were not hacked from that
> >>>> description. "SQL Injection" smells of MS SQL Server.
> >>> ??? - how do you work that one out.
> >>>
> >> Most SQL Injection attacks are against MS SQL server.
> >>
> >> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
> >> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
> >> gives 948,000 hits.

> >
> > I still don't get it. This is a SQL injection attack on Linux -
> > statistics doesn't change that.
> >

> Why do you think it is on Linux?


I've already posted the link, but...

http://www.zone-h.org/mirror/id/8791343

http://www.zone-h.org/mirror/id/8791688

http://www.zone-h.org/mirror/id/8791681

http://www.zone-h.org/mirror/id/8791650

http://www.zone-h.org/mirror/id/8791511

http://www.zone-h.org/mirror/id/8791510

http://www.zone-h.org/mirror/id/8791508

http://www.zone-h.org/mirror/id/8791497

http://www.zone-h.org/mirror/id/8791472

http://www.zone-h.org/mirror/id/8791466

http://www.zone-h.org/mirror/id/8791436

http://www.zone-h.org/mirror/id/8791434

http://www.zone-h.org/mirror/id/8791375

http://www.zone-h.org/mirror/id/8791343

http://www.zone-h.org/mirror/id/8791345

http://www.zone-h.org/mirror/id/8791339

Note the OS and web servers in those links above.

http://www.nbr.co.nz/article/microso...updated-101421

Note the pointer to Domainz controlling Co, the Melbourne site - you
said they run MS IIS. Wrong, they run Apache...

http://uptime.netcraft.com/up/graph?site=domainz.net.nz

It appears to me that the DNS bug is in BIND. Must be Microsoft BIND is
it?

http://www.zdnet.com.au/news/securit...e-New-Zealand-sites/0,130061744,339296043,00.htm

http://www.theregister.co.uk/2008/08...hreat_remains/


Using statistics as evidence is generally regarded as very poor science.

--
Duncan
 
 
Enkidu
Guest
Posts: n/a
 
      05-17-2009
Dave Doe wrote:
> In article <4a0d34d9$(E-Mail Removed)>, (E-Mail Removed)
> says...
>> Dave Doe wrote:
>>> In article <(E-Mail Removed)>, (E-Mail Removed)
>>> says...
>>>> Dave Doe wrote:
>>>>> In article <(E-Mail Removed)>, (E-Mail Removed)
>>>>> says...
>>>>>> Dave Doe wrote:
>>>>>>> In article <(E-Mail Removed)> ,
>>>>>>> (E-Mail Removed) says...
>>>>>>>> In article <4a0b379a$(E-Mail Removed)>,
>>>>>>>> (E-Mail Removed) says...
>>>>>>>>> Dave Doe wrote:
>>>>>>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
>>>>>>>>>> @y10g2000prc.googlegroups.com>, (E-Mail Removed)
>>>>>>>>>> says...
>>>>>>>>>>> I seem to recall a while back that someone commented
>>>>>>>>>>> about being unable to access Domainz....now I get a email
>>>>>>>>>>> off them saying they have changed my password....after a
>>>>>>>>>>> "security review"...
>>>>>>>>>>>
>>>>>>>>>>> yeah right.....
>>>>>>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
>>>>>>>>>> servers - just simple SQL injection IIRC, got the DNS
>>>>>>>>>> records for several "big" NZ sites (not just msn) and
>>>>>>>>>> redirected them.
>>>>>>>>>>
>>>>>>>>> DomainZ runs Windows servers. Front end is IIS 6.0
>>>>>>>> They didn't hack those. They hacked the DNS servers, IIRC.
>>>>>>> Here's some more info for yer...
>>>>>>>
>>>>>>> http://www.zone-h.org/news/id/4708
>>>>>>>
>>>>>>> Looks like they hacked cpanel or somethin.
>>>>>>>
>>>>>> Yeah, the DNS servers themselves were not hacked from that
>>>>>> description. "SQL Injection" smells of MS SQL Server.
>>>>> ??? - how do you work that one out.
>>>>>
>>>> Most SQL Injection attacks are against MS SQL server.
>>>>
>>>> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
>>>> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL Injection"
>>>> gives 948,000 hits.
>>> I still don't get it. This is a SQL injection attack on Linux -
>>> statistics doesn't change that.
>>>

>> Why do you think it is on Linux?

>
> I've already posted the link, but...
>
> http://www.zone-h.org/mirror/id/8791343
>
> http://www.zone-h.org/mirror/id/8791688
>
> http://www.zone-h.org/mirror/id/8791681
>
> http://www.zone-h.org/mirror/id/8791650
>
> http://www.zone-h.org/mirror/id/8791511
>
> http://www.zone-h.org/mirror/id/8791510
>
> http://www.zone-h.org/mirror/id/8791508
>
> http://www.zone-h.org/mirror/id/8791497
>
> http://www.zone-h.org/mirror/id/8791472
>
> http://www.zone-h.org/mirror/id/8791466
>
> http://www.zone-h.org/mirror/id/8791436
>
> http://www.zone-h.org/mirror/id/8791434
>
> http://www.zone-h.org/mirror/id/8791375
>
> http://www.zone-h.org/mirror/id/8791343
>
> http://www.zone-h.org/mirror/id/8791345
>
> http://www.zone-h.org/mirror/id/8791339
>
> Note the OS and web servers in those links above.
>

The exploit was on the DomainZ site which does run the Microsoft OS.
Since the attack was a DNS redirect, it is not surprising that the
'hacked' pages show up the server and OS of the *attacker's* site.
>
> http://www.nbr.co.nz/article/microso...updated-101421
>
> Note the pointer to Domainz controlling Co, the Melbourne site - you
> said they run MS IIS. Wrong, they run Apache...
>

DomainZ was the attacked site and they do run IIS.
>
> http://uptime.netcraft.com/up/graph?site=domainz.net.nz
>
> It appears to me that the DNS bug is in BIND. Must be Microsoft BIND is
> it?
>

What DNS bug? Hacking the Control Panel would let them change the DNS
servers without touching the DNS servers themselves. It doesn't matter
what the actual DNS servers run.
>
> http://www.zdnet.com.au/news/securit...e-New-Zealand-
> sites/0,130061744,339296043,00.htm
>
> http://www.theregister.co.uk/2008/08...hreat_remains/
>
>
> Using statistics as evidence is generally regarded as very poor science.
>

It is more likely that the backend is Microsoft as the Front End is
Microsoft.

Cheers,

Cliff

--

The Internet is interesting in that although the nicknames may change,
the same old personalities show through.
 
 
Jack Spratt
Guest
Posts: n/a
 
      05-17-2009
"Enkidu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Dave Doe wrote:
>> In article <(E-Mail Removed)>, (E-Mail Removed)
>> says...
>>> Dave Doe wrote:
>>>> In article <(E-Mail Removed)> ,
>>>> (E-Mail Removed) says...
>>>>> In article <4a0b379a$(E-Mail Removed)>,
>>>>> (E-Mail Removed) says...
>>>>>> Dave Doe wrote:
>>>>>>> In article <c97674c4-30b7-470e-b3ea-21f8107ebb31
>>>>>>> @y10g2000prc.googlegroups.com>, (E-Mail Removed)
>>>>>>> says...
>>>>>>>> I seem to recall a while back that someone commented
>>>>>>>> about being unable to access Domainz....now I get a email
>>>>>>>> off them saying they have changed my password....after a
>>>>>>>> "security review"...
>>>>>>>>
>>>>>>>> yeah right.....
>>>>>>> Perhaps Lawrence is in charge of DomainZ hackable Linux
>>>>>>> servers - just simple SQL injection IIRC, got the DNS
>>>>>>> records for several "big" NZ sites (not just msn) and
>>>>>>> redirected them.
>>>>>>>
>>>>>> DomainZ runs Windows servers. Front end is IIS 6.0
>>>>> They didn't hack those. They hacked the DNS servers, IIRC.
>>>> Here's some more info for yer...
>>>>
>>>> http://www.zone-h.org/news/id/4708
>>>>
>>>> Looks like they hacked cpanel or somethin.
>>>>
>>> Yeah, the DNS servers themselves were not hacked from that
>>> description. "SQL Injection" smells of MS SQL Server.

>>
>> ??? - how do you work that one out.
>>

> Most SQL Injection attacks are against MS SQL server.
>
> Google hits for "MySQL SQL Injection" gives 617,000 hits, for "PostgreSQL
> SQL Injection" gives 109,000 hits and for "MS SQL Injection" gives 948,000
> hits.


So it's official. Not only is it more popular than its Open Source
counterparts but information and support is more easily found.

 
 
Party Animal
Guest
Posts: n/a
 
      05-17-2009
Jack Spratt wrote:

>
> So it's official. Not only is it more popular than it's Open Source
> counterparts but information and support is more easily found.
>

MySQL is open source.

Open mouth.
Change feet.
 
 
Jack Spratt
Guest
Posts: n/a
 
      05-17-2009
"Party Animal" <(E-Mail Removed)> wrote in message
news:guofnb$qf9$(E-Mail Removed)...
> Jack Spratt wrote:
>
>>
>> So it's official. Not only is it more popular than it's Open Source
>> counterparts but information and support is more easily found.
>>

> MySQL is open source.
>
> Open mouth.
> Change feet.




If you unsnip what I wrote you may see that is exactly what I said.
I referred to MS SQL Server and its open source counterparts (mysql and
postgresql)

Here is the relevant part again so you can read it while putting both feet
in.

> Most SQL Injection attacks are against MS SQL server.
>
> Google hits for "MySQL SQL Injection" gives 617,000 hits, for "PostgreSQL
> SQL Injection" gives 109,000 hits and for "MS SQL Injection" gives 948,000
> hits.




 
 
Party Animal
Guest
Posts: n/a
 
      05-17-2009
Jack Spratt wrote:
> "Party Animal" <(E-Mail Removed)> wrote in message
> news:guofnb$qf9$(E-Mail Removed)...
>> Jack Spratt wrote:
>>
>>>
>>> So it's official. Not only is it more popular than it's Open Source
>>> counterparts but information and support is more easily found.
>>>

>> MySQL is open source.
>>
>> Open mouth.
>> Change feet.

>
>
>
> If you unsnip what I wrote you may see that is exactly what I said.
> I referred to MS SQL Server and it's open source counterparts (mysql and
> postgresql)
>
> Here is the relevant part again so you can read it while putting both
> feet in.
>
>> Most SQL Injection attacks are against MS SQL server.
>>
>> Google hits for "MySQL SQL Injection" gives 617,000 hits, for
>> "PostgreSQL SQL Injection" gives 109,000 hits and for "MS SQL
>> Injection" gives 948,000 hits.

>
>
>

Sorry
Mmmmmmffffffffff
<thud>
 
 
 
 