Server Issues / Can't access SOTT

SeekinTruth said:
Glad SOTT's back. Came on the forum to catch up, and say that this probably can't be just incompetence, right? And now I see that the forum Admin's opinion is that it is an unusual type of intentional attack. If you guys have any ideas to reduce or prevent recurrence, let us know if anything particular is needed and see what forum members can do to help.

Scottie mentioned shopping for a new server. While attacks may become more sophisticated, a more competent host (who bothers to take appropriate precautions) would not allow this particular attack to happen.
 
Laura said:
SeekinTruth said:
Glad SOTT's back. Came on the forum to catch up, and say that this probably can't be just incompetence, right? And now I see that the forum Admin's opinion is that it is an unusual type of intentional attack. If you guys have any ideas to reduce or prevent recurrence, let us know if anything particular is needed and see what forum members can do to help.

After catching up on latest posts on the forum, I'll go catch up on SOTT. Thanks for your hard work, as always.

My thoughts are that this is a little more than just disgruntled/disaffected hackers; it is targeted and deliberate and began as soon as we had launched our anti-propaganda program; the timing is just too coincidental.

We weren't really concentrating on twitter before right? All of the sott.net links probably attracted some new/more attention. Have you noticed an uptick in traffic with the new efforts?

Maybe time to break out Tom Petty? We won't back down?
 
Not fatal, but very irritating. I suggest pentesting with my 2 hands, 2 feet and 2 ears, if you are really onto a war. If on a budget, arm the tekkies with BlackArch, Kali and SamuraiWTF (for starters) and let them blast away the automated tools (for starters) at the sott site, forum, servers (VEGA, W3F, BurpSuite, OWASP ZAP, etc...). Check the reports and patch up even the informational flags (they give out info on server software versions, etc). Session hijacking, cookie stealing, XSS, other web app vulnerabilities and exploitable bugs can ALSO lead to larger problems such as privilege escalation and from there persistent backdoor trojans, data theft, money theft, defacement, etc. Close down all unused services, ports and subdomains. Close down default service "users" to prevent privilege escalation. Take note that Cloudflare does not protect your identity, but other things could. On that note, WORK WITH the idea that the computers of the sott team might have been actually targeted. As for catching the hackers, your hosts need to provide some hints. If you need anything, just whistle, the network will try to assist.
 
Madara Knight said:
Not fatal, but very irritating. I suggest pentesting with my 2 hands, 2 feet and 2 ears, if you are really onto a war. If on a budget, arm the tekkies with BlackArch, Kali and SamuraiWTF (for starters) and let them blast away the automated tools (for starters) at the sott site, forum, servers (VEGA, W3F, BurpSuite, OWASP ZAP, etc...). Check the reports and patch up even the informational flags (they give out info on server software versions, etc). Session hijacking, cookie stealing, XSS, other web app vulnerabilities and exploitable bugs can ALSO lead to larger problems such as privilege escalation and from there persistent backdoor trojans, data theft, money theft, defacement, etc. Close down all unused services, ports and subdomains. Close down default service "users" to prevent privilege escalation. Take note that Cloudflare does not protect your identity, but other things could. On that note, WORK WITH the idea that the computers of the sott team might have been actually targeted. As for catching the hackers, your hosts need to provide some hints. If you need anything, just whistle, the network will try to assist.

Penetration testing sounds like a good idea and a way that several of us could potentially help out. I use Linux as my daily driver OS, I'm familiar with BASH, and I could help out with this if needed.
 
I've been lurking in this thread ever since the ASUS login page started appearing, so I just wanted to drop by and say, what's happening over at my favorite news site is absolutely insane. It also begs the question, "Why SOTT.NET?" Well, it seems to me that SOTT.NET is so right on the money that someone got pissed about it. Keep up the good fight, people of Cassiopaea, you have changed my life for the better.
 
Seamas said:
Madara Knight said:
Not fatal, but very irritating. I suggest pentesting with my 2 hands, 2 feet and 2 ears, if you are really onto a war. If on a budget, arm the tekkies with BlackArch, Kali and SamuraiWTF (for starters) and let them blast away the automated tools (for starters) at the sott site, forum, servers (VEGA, W3F, BurpSuite, OWASP ZAP, etc...). Check the reports and patch up even the informational flags (they give out info on server software versions, etc). Session hijacking, cookie stealing, XSS, other web app vulnerabilities and exploitable bugs can ALSO lead to larger problems such as privilege escalation and from there persistent backdoor trojans, data theft, money theft, defacement, etc. Close down all unused services, ports and subdomains. Close down default service "users" to prevent privilege escalation. Take note that Cloudflare does not protect your identity, but other things could. On that note, WORK WITH the idea that the computers of the sott team might have been actually targeted. As for catching the hackers, your hosts need to provide some hints. If you need anything, just whistle, the network will try to assist.

Penetration testing sounds like a good idea and a way that several of us could potentially help out. I use Linux as my daily driver OS, I'm familiar with BASH, and I could help out with this if needed.

Oh boy, if you guys need a defensive hacking squad that would be pretty cool annnd I would be interested in helping out as well. :cool2: I am in the same boat as Seamas regarding OS preferences.
 
trendsetter37 said:
Seamas said:
Madara Knight said:
Not fatal, but very irritating. I suggest pentesting with my 2 hands, 2 feet and 2 ears, if you are really onto a war. If on a budget, arm the tekkies with BlackArch, Kali and SamuraiWTF (for starters) and let them blast away the automated tools (for starters) at the sott site, forum, servers (VEGA, W3F, BurpSuite, OWASP ZAP, etc...). Check the reports and patch up even the informational flags (they give out info on server software versions, etc). Session hijacking, cookie stealing, XSS, other web app vulnerabilities and exploitable bugs can ALSO lead to larger problems such as privilege escalation and from there persistent backdoor trojans, data theft, money theft, defacement, etc. Close down all unused services, ports and subdomains. Close down default service "users" to prevent privilege escalation. Take note that Cloudflare does not protect your identity, but other things could. On that note, WORK WITH the idea that the computers of the sott team might have been actually targeted. As for catching the hackers, your hosts need to provide some hints. If you need anything, just whistle, the network will try to assist.

Penetration testing sounds like a good idea and a way that several of us could potentially help out. I use Linux as my daily driver OS, I'm familiar with BASH, and I could help out with this if needed.

Oh boy, if you guys need a defensive hacking squad that would be pretty cool annnd I would be interested in helping out as well. :cool2: I am in the same boat as Seamas regarding OS preferences.

Let them decide. This whole hijacking op could be just a vulnerable server, meaning an opportunity, but it may be a smoke screen for doing nasty things, especially when sott is doing counter-PTB reporting. It's everything but cool. A forensic study of the attack (forensics - SIFT, CAINE, etc.) could give more clues.
 
Madara Knight said:
Not fatal, but very irritating. I suggest pentesting with my 2 hands, 2 feet and 2 ears, if you are really onto a war. If on a budget, arm the tekkies with BlackArch, Kali and SamuraiWTF (for starters) and let them blast away the automated tools (for starters) at the sott site, forum, servers (VEGA, W3F, BurpSuite, OWASP ZAP, etc...). Check the reports and patch up even the informational flags (they give out info on server software versions, etc). Session hijacking, cookie stealing, XSS, other web app vulnerabilities and exploitable bugs can ALSO lead to larger problems such as privilege escalation and from there persistent backdoor trojans, data theft, money theft, defacement, etc. Close down all unused services, ports and subdomains. Close down default service "users" to prevent privilege escalation. Take note that Cloudflare does not protect your identity, but other things could. On that note, WORK WITH the idea that the computers of the sott team might have been actually targeted. As for catching the hackers, your hosts need to provide some hints. If you need anything, just whistle, the network will try to assist.

The big problem with so-called penetration testing services is that you have to trust them to tell you EVERYTHING they find, and you have to trust them to not abuse it before you find out what they discover. I have never found the rationale to give such orgs that level of trust - never once in 20+ years of chasing the bad guys around, out, off to anywhere else. They have nothing to lose in the way of reputation or legal pursuit, etc. Professional high profile proven white hats, maybe they can be trusted to some extent -- only maybe. But blackhats or anything that even slightly has that ill air about it, no way. That's my perspective at this time.

We have enough collective knowledge among the server admins to address any likely issues to a big extent on our own, including gathering tools, running them, reading reports and logs, etc. This has been proven over time. Not saying that we can't use any more help, or that what we do makes anything bulletproof by any stretch of imagination, but so far, we've done a damn good job of protecting our resources. When attackers can't penetrate through those defenses they resort to other tactics - similar to many battlefields in history, if one group can't overrun their opponent then they may try to cut off their opponent's resources and wait them out. That's the level these recent attacks have taken on.
 
"But blackhats or anything that even slightly has that ill air about it, no way. "

Indeed, this is precisely why I said that you also could do it.

"We have enough collective knowledge among the server admins to address any likely issues to a big extent on our own, including gathering tools, running them, reading reports, etc. This has been proven over time. Not saying that we can't use any more help, or that what we do makes anything bulletproof by any stretch of imagination, but so far, we've done a damn good job of protecting our resources. When attackers can't penetrate through those defenses they resort to other tactics - similar to many battlefields in history, if one group can't overrun their opponent then they may try to cut off their opponent's resources and wait them out. That's the level these recent attacks have taken on."

Seems so, but the problem got fixed, and then it happened again. I am just suggesting that you test everything (that part which is in your hands, at least) against brutal blackhatters and their techniques before 'they' decide to strike again. Hope they have not left a rootkit or backdoor somewhere. That you have done a pretty good job, everyone can see.

Edit: Addition.
 
Glad to see SoTT is back up!

Were you able to confirm that you are in fact on a shared VLAN on the front-side? You could ask to get a dedicated VLAN/subnet. Probably would cost more, and would more than likely mean re-IPing (if you are on a shared subnet now that is). Would prevent this particular type of attack from happening again. There are various ways to prevent people from doing this sort of thing, not sure how amenable they would be to implementing any of them though.

What is curious to me is that they would assign your IP to their server, and just have it on their IPKVM port. That's a pretty mild attack actually, however effective a DoS it is. Maybe a warning perhaps, that they could do much worse? Or maybe, like we have seen before with people like this, they often don't attract the best and brightest.
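The post above describes another tenant on a shared VLAN bringing up SOTT's IP address on its own machine, so two hosts answer for the same address. One way to notice that early, as an added example that is not from the thread or from SOTT's admins, is to watch which MAC address answers ARP for each of your IPs and alarm when it flip-flops. The log format (`<epoch> <ip> <mac>`) and all addresses below are constructed; a real passive ARP monitor such as arpwatch writes its own format, so the parser would need adjusting.

```python
"""Flag IP addresses claimed by more than one MAC on a shared L2 segment."""
from collections import defaultdict

# Constructed sample observations from a passive ARP monitor: ts, sender IP, sender MAC.
# 203.0.113.10 is "our" server; from 1400000090 a second MAC starts answering for it.
SAMPLE_ARP_LOG = """\
1400000000 203.0.113.10 00:11:22:33:44:55
1400000030 203.0.113.11 00:11:22:33:44:66
1400000060 203.0.113.10 00:11:22:33:44:55
1400000090 203.0.113.10 0A:BB:CC:DD:EE:FF
1400000120 203.0.113.10 00:11:22:33:44:55
1400000150 203.0.113.10 0a:bb:cc:dd:ee:ff
"""


def parse_arp_log(text):
    """Yield (timestamp, ip, mac) tuples; MACs are normalised to lower case,
    blank or malformed lines are skipped rather than raising."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        ts, ip, mac = parts
        yield int(ts), ip, mac.lower()


def find_ip_conflicts(records):
    """Return {ip: sorted MAC list} for every IP answered for by more than one MAC."""
    macs_by_ip = defaultdict(set)
    for _ts, ip, mac in records:
        macs_by_ip[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1}


def count_flaps(records, ip):
    """Count how often the MAC answering for `ip` changed between consecutive
    observations; a high count means two live hosts are fighting over the IP."""
    flaps, last = 0, None
    for _ts, rec_ip, mac in records:
        if rec_ip != ip:
            continue
        if last is not None and mac != last:
            flaps += 1
        last = mac
    return flaps


if __name__ == "__main__":
    recs = list(parse_arp_log(SAMPLE_ARP_LOG))
    for ip, macs in find_ip_conflicts(recs).items():
        print(f"ALERT {ip} answered by {len(macs)} MACs {macs}, "
              f"{count_flaps(recs, ip)} flip-flops")
```

A dedicated VLAN/subnet, as suggested above, removes the condition entirely; on a shared segment this kind of monitor at least turns a silent outage into an alert you can take to the host.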
 
Laura said:
Based on the info from the server people, it was deliberate stealing of the IP. And then, once it was solved, it has apparently been done again. But we'll wait for more word from Mr. Scott. As soon as he got up, he went to work on the problem. Thanks to m for being up during the night and at least managing to redirect away from the dreaded Asus screen.

That's a pretty frustrating situation, and a total lack of customer service on their part. For one, it shouldn't have taken them so long to find the issue. And for two, they should've shut that other "customer" down as soon as they discovered it. I would've disabled their entire network immediately for pulling crap like that.
 
Hi,
I'm sorry to bother you with my problem, but I can't change my password. Having been permanently logged on, I forgot the password, and when I tried to access the email address I used, the answer was that it is an incorrect email address.
So I can't do anything, except to ask you to disconnect me as a user, and I shall make a new account.
I am worried, as I was so naive as to access the Asus page, but I'm not sure I used the right password even there, so who knows what happened.
Joy
 
Hi Joy Shared,

If you like, send me a PM (or any other moderator) with your sott username and I could look up your email address and send it back to you.
 
Gawan said:
Hi Joy Shared,

If you like, send me a PM (or any other moderator) with your sott username and I could look up your email address and send it back to you.

Gawan, I have the same problem as Joy Shared concerning the SOTT.NET page. Yesterday it was ok, but today it is not ok. I will send you an email too, if you don't mind. Thank you.
 
m said:
Madara Knight said:
Not fatal, but very irritating. I suggest pentesting with my 2 hands, 2 feet and 2 ears, if you are really onto a war. If on a budget, arm the tekkies with BlackArch, Kali and SamuraiWTF (for starters) and let them blast away the automated tools (for starters) at the sott site, forum, servers (VEGA, W3F, BurpSuite, OWASP ZAP, etc...). Check the reports and patch up even the informational flags (they give out info on server software versions, etc). Session hijacking, cookie stealing, XSS, other web app vulnerabilities and exploitable bugs can ALSO lead to larger problems such as privilege escalation and from there persistent backdoor trojans, data theft, money theft, defacement, etc. Close down all unused services, ports and subdomains. Close down default service "users" to prevent privilege escalation. Take note that Cloudflare does not protect your identity, but other things could. On that note, WORK WITH the idea that the computers of the sott team might have been actually targeted. As for catching the hackers, your hosts need to provide some hints. If you need anything, just whistle, the network will try to assist.

The big problem with so-called penetration testing services is that you have to trust them to tell you EVERYTHING they find, and you have to trust them to not abuse it before you find out what they discover. I have never found the rationale to give such orgs that level of trust - never once in 20+ years of chasing the bad guys around, out, off to anywhere else. They have nothing to lose in the way of reputation or legal pursuit, etc. Professional high profile proven white hats, maybe they can be trusted to some extent -- only maybe. But blackhats or anything that even slightly has that ill air about it, no way. That's my perspective at this time.

We have enough collective knowledge among the server admins to address any likely issues to a big extent on our own, including gathering tools, running them, reading reports and logs, etc. This has been proven over time. Not saying that we can't use any more help, or that what we do makes anything bulletproof by any stretch of imagination, but so far, we've done a damn good job of protecting our resources. When attackers can't penetrate through those defenses they resort to other tactics - similar to many battlefields in history, if one group can't overrun their opponent then they may try to cut off their opponent's resources and wait them out. That's the level these recent attacks have taken on.

Ummm...I don't understand a word of what you guys are talking about (I wish I did, and I wish I could be of help). SoTT is back up for me. We are obviously gaining traction, hence this attack. I would caution everyone on SoTT and this network to be extra vigilant. We're obviously on their radar, and who knows what they may do :rolleyes:
 