So, I decided to have a play with Joomla a couple of weeks ago as one of the first websites I ever built Cruelcard needed to be moved away from my Windows host and had to be rebuilt in something other than ASP. I’ve been wanting an excuse to play with Joomla and well, here it was. I built the site, put up the plugins I wanted, themed it and lo and behold had a brand spanking new website. Everything was good .. the sun was shining etc .. until last night ..

Last night I logged in to find that the site had been defaced. I should have taken a screenshot to show you, but I just overwrite the message with a “Will be back soon” message. I left everything as it was so that I could find out exactly how the hackers broke into my site. Today I had some time, so I went through my logs and this is what I learnt:

• The hacker was from Turkey. Well, I knew that as the defacement was in Turkish but his IP address (85.110.114.98) confirmed that.
• He was specifically looking for Joomla sites to target. The first referrer I have is: http://go.mail.ru/search?&q=Powered+by+Joomla%21.+Valid+XHTML+and+CSS&no_morph=n&sf=480. You can see exactly what he was looking for, but seeing I’m on page 49, he must have gone through quite a few other sites first.
• He gained access to the site by resetting the admin password. I actually found the exploit in Milworm (possibly this one anyway). This coupled by the fact that the sequence of commands were all placed in under a minute suggests that this was a scripted attack.
• Once the admin password was changed, the hacker went straight to the admin site and did whatever he needed to do.
• The hacker also seems to have uploaded some media using the Media Manager which suggests I need a proper rebuild of the whole thing.

It was pretty interesting to follow the hacker‘s footsteps. I will need to rebuild with a newer version of the software that blocks that hole, but I am partly responsible because I didn’t change the default administrator’s name. If I had done that, I might have had a bit of protection. I’m not going to abandon Joomla just because of this but it has certainly highlighted the importance of backups to me!

If anyone’s interested, you can read through the log: cruelcardcom-hack

Note to self: Read more about Milw0rm and don’t watch so much CSI

• Unlock Windows XP password without any tools video?
• Offline NT password editor
• 10 Immutable laws of security

Enjoy!

In the four years since its introduction, the iPod has proven to be a versatile little device. Despite a relatively closed architecture, hackers have found their way in. Content creators and software makers put information at your fingertips when you’re on the go. Would-be designers have added to the fashionable stylings of the now-ubiquitous white ear buds. Hardware makers and enthusiasts have augmented the iPod with new add-on gadgets.

For fun, I’ve compiled a bunch of hacks, add-ons, accessories, and such. Here are 50 Things to Do with Your iPod (besides listen to music with those white earbuds).

[kottke.org]

I was trying to track down the source of an IP address conflict earlier today and I came across two sites offering a search service for the initial 24-bit (6 digit hexadecimal) vendor portion of an Ethernet media access control (MAC) address. The IEEE service is the official one, from where you can also download the complete listing, but MAC finder is also useful as you can use the ?string=00%3a00%3a00 command on the end of the URL (replacing the zeros with the appropriate hexadecimal digits).

[Mark's (we)Blog]

• WarLinux – A bootable Linux distro packed with WarDriving tools
• WiFiMaps.com – A web based interactive map of WarDriving data
• Wigle.Net – Wireless Geographical Logging Engine
• NetStumbler – I always have this on my laptop
• NetChaser – PalmPC software for WiFi scanning
• LinkFerret – Windows software for network scanning
• Jeff Duntemann’s Wardriving FAQ – Packed with tons of information
• The Ethics of Network Detection – Interesting read
• 9 years for Wardriving – Caught on the wrong side of the law
• WarDriving: Drive, Detect, Defend – A Guide to Wireless Security

and last but not least …

• WarDriver Vinyl Stickers – Yes .. you can find anything on the Web