#Title: nuffnang.com.my hacked and half of the database released
#Date: 23 July 2011

Assalamualaikum and greetings,

After a few quiet days, we are finally back with a new website design, a new system and several new features. We will try to help you as far as we can on our Facebook page, http://www.facebook.com/pages/GaySec/192237197500884: if you have a problem with your computer, with the security of your website or computer, with a programming language, or anything else, we will try to help.

On to Nuffnang. In Malaysia there are surely many bloggers who use the Nuffnang website to earn money from visitor numbers, traffic and so on, through the advertising service from nuffnang.com.my. Today we had the chance to visit the Nuffnang site and found that nuffnang.com.my is not all that secure. We have started to worry that one day someone will get into the Nuffnang server and manipulate the Nuffnang advertising service to release a virus through the iframe and JavaScript embedded in every website that subscribes to Nuffnang's ad service. We worry that one day Nuffnang will become a prime target for spreading a virus, the way the social network Facebook was infected by the Koobface virus.
Someone could perhaps use an "ActiveX Java" technique to plant malware such as a stealer, a RAT (remote administration tool) and other viruses, so that a visitor's computer is infected by the virus planted in the Nuffnang JavaScript. We will only share the 34,531 database records currently in our hands, for security reasons and because it cannot be avoided. We only want to make the system admins and webmasters aware of the security of their own website. Before accusing and blaming us, use your own skills or your money to hire anyone who offers a "security pentest" service in Malaysia; we think there are more than enough companies offering "security pentest" services to review and scan the security of a system or website.

Oh, before we forget, about the format of the Nuffnang password hashes... Nuffnang uses the format SHA1(plaintext password + account registration date). That means you need the account registration date to "convert" a password from its SHA1 hash back to the original.
You can download the Nuffnang database from here: http://www.gaysec.net/files/nuffnang_34531_user.rar

An example of a password hashed as SHA1(password + date) looks like this:

a90bd4f47e8c3a776efd7a1db2c69471ed1083ab
original password: uskf
registration date: 2011-07-22 18:57:55

Here are some details about the Nuffnang server that we obtained:

$ uname -a
Linux c1-web2.nuffnang.com.my 2.6.18-194.32.1.el5 #1 SMP Wed Jan 5 17:52:25 EST 2011 x86_64
$ id
2 ( daemon ) Group: 2 ( daemon )
$ pwd
/home/nuffmy/public_html/
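The SHA1(password + registration date) scheme described above, beside a hardened replacement that retires the legacy hash on the user's next successful login. This is an added example, not code from the original post or from Nuffnang; the exact timestamp string, the "pbkdf2_sha256$..." record layout and the sample account are assumptions.

```python
import hashlib
import hmac
import os

# Legacy scheme as the post describes it: SHA1(plaintext password + registration
# timestamp). The registration date is predictable and SHA1 is fast, so this
# gives each hash a unique but weak salt. The timestamp string form is assumed.
def legacy_hash(password: str, registered_at: str) -> str:
    return hashlib.sha1((password + registered_at).encode("utf-8")).hexdigest()

# Hardened replacement: PBKDF2-HMAC-SHA256 with a random 16-byte salt and a
# high iteration count. The record format is an assumption for this example.
ITERATIONS = 200_000

def pbkdf2_hash(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def pbkdf2_verify(password: str, record: str) -> bool:
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(dk.hex(), dk_hex)

def login_and_upgrade(user: dict, password: str) -> bool:
    """Authenticate against whichever format the stored record is in. On a
    successful legacy login, re-hash with PBKDF2 so the SHA1 value is retired;
    the user dict is updated in place."""
    record = user["password"]
    if record.startswith("pbkdf2_sha256$"):
        return pbkdf2_verify(password, record)
    # Still a legacy SHA1(password + registration date) record
    if hmac.compare_digest(legacy_hash(password, user["registered_at"]), record):
        user["password"] = pbkdf2_hash(password)
        return True
    return False

if __name__ == "__main__":
    # Constructed sample account, not a real user record
    user = {"registered_at": "2011-07-22 18:57:55",
            "password": legacy_hash("example-pass", "2011-07-22 18:57:55")}
    print("legacy record:", user["password"])
    print("wrong password accepted:", login_and_upgrade(user, "wrong"))
    print("correct password accepted:", login_and_upgrade(user, "example-pass"))
    print("upgraded record:", user["password"])
```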
And after being hacked... Nuffnang responded:
( Dear Nuffnangers,
Yesterday evening on Friday (22nd July), we discovered an illegal and unauthorised intrusion into our network, which was the latest in a series of hacking incidents by individuals who also claim to have targeted Streamyx, CIMB, TV3 and several other local websites previously. In our case, the hackers managed to retrieve a portion of our blogger account information and released the emails of some Nuffnang accounts.
The breach has since been fixed, and we’d like to address a few key concerns that you may have.
1. Your password is safe.
As part of the existing security measures, all user passwords in our database have always been protected with one-way encryption. Nevertheless, we still encourage you to change your password (especially if you use the same password for other sites) as a precautionary measure in case the hackers are able to get past the encryption.
2. Blog earnings and payment records are not affected.
Current earnings and payment history for all users are safe and were not compromised in any way.
3. Loading of blogs serving Nuffnang ads is not affected.
At 1.00 am last night, our Tech team took down the website for maintenance and for a few hours, ads were not served. This morning though, everything is up and running again and back to normal. All blogs serving Nuffnang ads loaded as usual and were not affected by the breach.
This security lapse is an isolated incident, as the security of our sites has always been and always will be our utmost priority. It has however opened our eyes to some vulnerabilities we had on our website. In response to that, we will be taking measures to further heighten the security of the Nuffnang framework because from what we understand, that was after all the motivation of the hackers – not to cause any permanent damage, but to highlight vulnerabilities in a system.
To the Nuffnangers who made many attempts to alert us once word got out that the Nuffnang site was hacked, we cannot begin to thank you enough.
To the wonderful Nuffnang community, thank you for standing by us in this time of crisis. Your patience and support are something we are thankful for and will never take for granted. We apologize for any inconvenience caused, and for not being able to prevent this breach. We have put dedicated staff to work on this matter, so to address any concerns or questions you may have about this incident, please write in to us at security@nuffnang.com.
Thank you.
Sincerely,
The Nuffnang Team )