steerpike opened this issue on Feb 16, 2005 ยท 34 posts
steerpike posted Wed, 16 February 2005 at 4:16 PM
I've just tried to access DAZ3D, and got a blank page except for the message below;
'hax0rs lab ownz you - hax0rs@email.com'
I've tried both in Firefox (with account cookies set) and IE (no cookies set) with the same result. Is anyone else getting this?
Message edited on: 02/16/2005 16:17
pokeydots posted Wed, 16 February 2005 at 4:19 PM
I was just there and had no problems
Poser 9 SR3 and 8 sr3
=================
Processor Type: AMD Phenom II 830 Quad-Core
2.80GHz, 4000MHz System Bus, 2MB L2 Cache + 6MB Shared L3 Cache
Hard Drive Size: 1TB
Processor - Clock Speed: 2.8 GHz
Operating System: Windows 7 Home Premium 64-bit
Graphics Type: ATI Radeon HD 4200
•ATI Radeon HD 4200 integrated graphics
System Ram: 8GB
Xena posted Wed, 16 February 2005 at 4:20 PM
Forum is still working, but yeah I got the same message :( http://forum.daz3d.com/
redhorse posted Wed, 16 February 2005 at 4:20 PM
Yep, they've been hacked. I'm getting the same message.
sandoppe posted Wed, 16 February 2005 at 4:21 PM
Looks like they were, but they seem to be back now. I got the same message, but it cleared up very quick. From your posting times, it doesn't appear that it was very long.
Ardiva posted Wed, 16 February 2005 at 4:22 PM
Just checked it again after seeing your post. No problem here, using Firefox. Haven't had a problem with it all day.
Weird thing.
Message edited on: 02/16/2005 16:26
artistheat posted Wed, 16 February 2005 at 4:23 PM
No problem here....DAZ GOT KIDNAPPED!!..lol
sandoppe posted Wed, 16 February 2005 at 4:33 PM
Yes.....but their Kung Foo is very strong! :)
Sombraweblab1 posted Wed, 16 February 2005 at 4:39 PM
How about the user's personal data (creditcard nunmber and stuff) can the hackers got that?
Aeneas posted Wed, 16 February 2005 at 4:47 PM
If they tried to get in, I don't think it was for the sandwiches or the beer. Sorry: Coke as Daz is a family site. No beer...
I have tried prudent planning long enough. From now I'll be mad. (Rumi)
kuroyume0161 posted Wed, 16 February 2005 at 4:50 PM
I certainly hope not!!!
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
Khai posted Wed, 16 February 2005 at 4:54 PM
" Yes.....but their Kung Foo is very strong! :)" erm no. their kungfu is very weak. they got hit by the virus that did the rounds 3 weeks ago. everyone else patched.. they did'nt? very very strange....
sandoppe posted Wed, 16 February 2005 at 4:57 PM
It's one of the reasons I never store credit card information anywhere, but I would guess that DAZ has lots of firewalls you have to go through to get to that kind of information. I wouldn't worry about it. Whoever hacked DAZ's main page is probably not after anything other than to try and start some controversy and make a name for themselves. A really good hacker and a thief would not have left a message behind. This is just someone trying to get attention.....the lame little prick :)
Sarte posted Wed, 16 February 2005 at 5:26 PM
I don't see any message there.
Do the impossible, see the invisible
ROW ROW FIGHT THE POWER
Touch the untouchable, break the unbreakable
ROW ROW FIGHT THE POWER
randym77 posted Wed, 16 February 2005 at 5:33 PM
They fixed it pretty quickly.
Sileen posted Wed, 16 February 2005 at 6:17 PM
Did DAZ publicly announce this in a thread somewhere, Khai? If not, I'm wondering where you're getting your information. Did I miss something? blinks It's possible I missed something. Where is the thread where DAZ explains this about some virus?
cooler posted Wed, 16 February 2005 at 6:44 PM
Attached Link: http://forum.daz3d.com/viewtopic.php?t=15162
This was just posted up at DAZ...*"Hello, everyone. DAZ has asked me to make an explanatory post regarding this issue, since I was contacted to assist their system administration team with the forensics and I located the "root cause" of the intrusion to their server.
Essentially, at 13:09:09, a computer in Brazil connected to the DAZ website and exploited a security vulnerability in a commonly used statistical analysis package for web logs. An exploit existed that would allow a carefully crafted string to write or overwrite a file that the parsing script had permissions to. The attackers used this to create an 'index.html' page on the web server containing the message.
There's no evidence whatsoever to suggest the people responsible had any ability to read any data from the server. Moreover, because of the method used, we have a full log of every command issued, and we have a list of all files that were modified - and the only they thing touched was creating the spurious index.html.
While DAZ takes every security incident seriously, and will be working with the proper authorities to respond to this incident, that even in a much more serious compromise there are actually several more hurdles that would have to be assailed by a would-be attacked to get access to any sensitive information. The credit card information entrusted to DAZ is protected by absolutely draconion security measures and is designed to be inaccessible to anyone - even DAZ employees."* edited to add URL
Message edited on: 02/16/2005 18:49
Khai posted Wed, 16 February 2005 at 7:03 PM
" Did DAZ publicly announce this in a thread somewhere, Khai? If not, I'm wondering where you're getting your information. Did I miss something? blinks It's possible I missed something. Where is the thread where DAZ explains this about some virus?" a few weeks ago a virus leaving a similar msg hit about 75% of all the PHP boards on the net... it was a hellva attack since the estimates ran to about 20,000 boards taken down. I was thinking it was the same virus. and reading that explanation above, I still think it could have been, since they described a similar loophole to the one the virus was exploiting.
Sileen posted Wed, 16 February 2005 at 9:15 PM
Could have been, but your previous statement was stating it as fact like you knew. Thanks for the clarification
Khai posted Wed, 16 February 2005 at 9:38 PM
new information changes outlooks you know ;) note the 2 hours between my statements of seeing what was a very similar attack to when Daz posted their explanation ;)
Sileen posted Wed, 16 February 2005 at 9:57 PM
Well, I didn't know if you were trying to state an outlook, or fact. You seemed to state it as fact, so I wanted to know where you got your information from. You should use the words "I think" or "my opinion" instead of "They got!"
Khai posted Wed, 16 February 2005 at 10:00 PM
and maybe you should take your opinion to someone that cares?
Sileen posted Wed, 16 February 2005 at 10:07 PM
I was making a SUGGESTION so you could avoid confusion. Ease off.
Khai posted Wed, 16 February 2005 at 10:13 PM
erm? you jumped on me remember? you ease off. I was being friendly until you tried to tell me what I should have said. that is actually quite rude.
Lyrra posted Wed, 16 February 2005 at 10:35 PM
both of youse need to go and take a deep breathe and chill out :) DAZ got hit ..they fixed it fast. End of story. This happens. And now whomever did this has a couple hundred cranky poserholics after them .. I'd feel sorry for the dude in Brazil actually. lol Lets sic Dodger on 'em! serves 'em right Lyrra
sandoppe posted Wed, 16 February 2005 at 10:53 PM
I agree Lyrra :) The only advise I have for DAZ is: quit using that damned Microsoft web log software!! :)
milamber42 posted Wed, 16 February 2005 at 11:16 PM
@sandoppe LOL It took me a bit to remember the "Kung Fu" reference.
XENOPHONZ posted Wed, 16 February 2005 at 11:37 PM
Hack0erz Boyz Ownz Youz!!!!!!!
Youz isz deadz meatz!!!!
Wez bez coolz becausez wez spellz everthingz withz zzzzzzzzzzz's(z)!!!!!!!
Actuallyz, Iz hasz az speechz impedimentz.
Hack0erz Boyz notz tooz brightz!!!!!! Notz knowz howz toz talkz tooz goodz..........spendz tooz muchz timez watchingz Starz Trekz, andz dreamingz aboutz beingz da Bigz Badz Manz!
Yeahz, Iz Coolerz thanz youz....evenz thoughz Iz weighsz 90z poundsz soakingz wetz.
Iz wetz da bedz, tooz. Da bigz meanz boyz alwaysz pickin'z onz mez!!!!!!
Iz getz myz revengez onz thez worldz!!!!! Iz Hack0erz Bigz Badz Dudez!!!!!!!!
Iz rulez!!!!!!!!!!!
sandoppe posted Wed, 16 February 2005 at 11:41 PM
milamber42 ;) Fortunately for DAZ, that Brazilian is no where near as capable as Rat! :)
macdubhgal posted Thu, 17 February 2005 at 1:05 AM
milamber42?? Do we know each other from another site? I can't imagine Milamber is a common name...
lmckenzie posted Thu, 17 February 2005 at 1:16 AM
"...quit using that damned Microsoft web log software..." I assume you were joking. If not, be advised that: According to Netcraft: "http://www.daz3d.com was running Apache on FreeBSD when last queried at 17-Feb-2005 07:10:03 GMT" Also the Brazilian stats hack apparently attacks a program named AWstats, definitely not a Microsoft product. Microsoft did cause the tsunami though.
"Democracy is a pathetic belief in the collective wisdom of individual ignorance." - H. L. Mencken
kuroyume0161 posted Thu, 17 February 2005 at 1:24 AM
lmckenzie, Bill Gates is sending his Geek-Squad to 'panzy' you as...we...speak!!! ;) - On a serious note, was this a PHP forum hack? Seems that phpBB is getting alot of attention from the script kiddies lately.
C makes it easy to shoot yourself in the
foot. C++ makes it harder, but when you do, you blow your whole leg
off.
-- Bjarne
Stroustrup
Contact Me | Kuroyume's DevelopmentZone
lmckenzie posted Thu, 17 February 2005 at 2:17 AM
Attached Link: http://www.blogherald.com/2005/02/03/awstats-exploit-downs-blogs
Here's the first reference I found--nothing about PHP so it's different from that one. I'm sure Bill is cackling to see open source getting bitch-slapped for a change though. Too late for the Geek-Squad. I already drank the Kool-Aid and had the chip implanted. It was a mighty big suppository too."Democracy is a pathetic belief in the collective wisdom of individual ignorance." - H. L. Mencken
Ben_Dover posted Thu, 17 February 2005 at 2:53 AM
This even happened to phpBB.com. Sounds like the same group was responsible. I read a little about it as soon as it happened since I have a server with AWStats. It was via an exploit in the AWStats program, an app that generates web stats for bandwidth, referrers, etc. Cpanel includes AWStat in the package so I asked around about that too. The compromise is only in the standalone version of AWStats before version 6.2 so those of you with web sites and using the standalone (not the cpanel version) better upgrade. While you're at it make sure your host/provider is using the latest version of php as well as there's another exploit there (hear that DAZ?). For what it's worth, phpBB.com was down for a few days. Apparently it really harshed their server, not just the index page. So good going DAZ, way to recover fast. Of course, an ounce of prevention is worth a pound of cure.... ;)