On Jul 8, 2004, at 1:34 PM, John J Lee wrote:
On Thu, 8 Jul 2004, Michael Hudson wrote:
Paul Barrett <barrett@stsci.edu> writes:
It looks like www.python.org has been hacked.
Looks perfectly normal to me. What do you see?
Black page with this silly script-kiddie message:
HellFire Jodio tu sistema admin :)
[Orgullosamente Dominicano]
[CONTACTO: eu.undernet.org] [#Security-Labs]
[hellroots@linuxmail.org] ]
14546 ttyp1 00:00:00 rootkit [I AM Backd00ring this B0x :)]
14945 pts/2 00:00:00 hide [backd00r sucess and hided ]
145946 pts/2 00:00:00 root [your are Hacked But u don't know] HellFire Jodio tu sistema admin :)
Wow, I didn't see that... It worked at first, but now I see a 403 Forbidden on www.python.org (but not docs.python.org)! This is what I get for DNS: [crack:~] bob% dig www.python.org ; <<>> DiG 9.2.2 <<>> www.python.org ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35567 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;www.python.org. IN A ;; ANSWER SECTION: www.python.org. 86269 IN CNAME fang.python.org. fang.python.org. 86269 IN A 194.109.137.226 ;; AUTHORITY SECTION: python.org. 33600 IN NS ns.xs4all.nl. python.org. 33600 IN NS ns2.xs4all.nl. ;; ADDITIONAL SECTION: ns.xs4all.nl. 21233 IN A 194.109.6.67 ns2.xs4all.nl. 21233 IN A 194.109.9.100 ;; Query time: 37 msec ;; SERVER: 10.0.3.1#53(10.0.3.1) ;; WHEN: Thu Jul 8 13:36:09 2004 ;; MSG SIZE rcvd: 143 -bob