Astalavista.com hacked, including details

Page as it appeared on June 5, 2009 12:15AM EDT: <a href="http://pastebin.com/f751e9f5b" rel="nofollow">http://pastebin.com/f751e9f5b</a><p>The post is a little low on details concerning the actual exploit used, but there's pretty massive carnage. Let's hope the admins have offsite backups.<p>For those who don't know of Astalavista, it was a popular website for "hackers" with relatively low-quality content. It started in 1994, and was one of the first search engines for computer security information. It hosted software exploits, and quickly degenerated into a forum for sharing software cracks, spyware, and virii.<p>Being a security-related website, you'd expect the owners to be a little more careful, which is why this is interesting.

When a site is reported as 'hacked', am I alone in <i>not</i> wanting to visit it for a look-see? Aren't the same people who deface sites likely to try fresh browser compromises against rubberneckers?

This somewhat concludes the whole point of the hax0rs:<p>Quote: "plaintext passwords? yes, those so called "security professionals" who charge you $6.66 / month to register at their hack-proof portal, save your passwords in plaintext... brilliant!"

I think scrolling down that was more suspenseful than any book I've ever read :)

Its the (other) hacker news this week on HN.

From Digg: <a href="http://digg.com/security/astalavista_com_Hacked_2" rel="nofollow">http://digg.com/security/astalavista_com_Hacked_2</a><p><a href="http://romeo.copyandpaste.info" rel="nofollow">http://romeo.copyandpaste.info</a> gives an idea about anti-security movement...

a bunch of people on efnet irc say that it was hacked by some guy named darkpontifex or some group called dikline or something. supposed to not be a litespeed vuln its actually an ntp daemon vuln just changed the name to confuse people.

Read from line 1758 (at <a href="http://pastebin.com/f751e9f5b" rel="nofollow">http://pastebin.com/f751e9f5b</a>) and you'll see that those astalavista guys have no taste... Good riddance.

The hackers complain about Astalavista being targeted towards script kiddies. However, it looks like they used a prepackaged exploit, too.

I saw some paypal details in there aswell, I'm wondering if astalavista used any of the same passwords to secure that account?

Heh 13.33.33.37.

<a href="http://pastebin.com/m592e1f1c" rel="nofollow">http://pastebin.com/m592e1f1c</a>

The site is back up now...

2.6.18-128.1.10.el5 is the latest patchlevel of RHEL or CentOS kernels. It seems like their security officers are sleeping on their keyboards. Good news for so-called enterprise linux customers. amazon.com? =)<p>btw, this is merely good quality of system maintaince (of course, their backup system is very funny), but this is very usual way people uses linux and oss nowadays - no one cares to much, thanks to apt-get and yum and xen.<p>Linux is a mainstream now, nothing special, just stupid, plain activity. It was cool when they were migrated from 2.4 to 2.6 kernel, or even from 2.1 to 2.2 glibc. Today it lost all its coolness and romance.<p>Just imagine what happening in corporate sector, who hires cheap boys or guys from third-world, like me.

That was painful to "watch" happen to them. Lesson learned. Do NOT f<i></i>* with hackers...

Who? If it was altavista.com this might be news...