Tuesday, June 9, 2009

Astalavista Part 2

Seems that the tragedy continues,

He was also part of the Astalavista (RIP) staff. It looks like everyone involved in that cult is a security expert.

infosec.org.uk - PWNED
defaultports.com - PWNED

and some other websites owned by Astalavista staff have been hacked, and all user details have been exposed.

Take a look at this new full disclosure

Response From Astalavista Staff: <- so LOL

I am going to report back what exactly happened. It was not a real hack but an exposure of my plaintext password on Astalavista Defacement.

Through that they logged in to my Gmail account, where I keep a lot of passwords as it is a private email account, and they got access to the server.

Including crownvip and root password!

They were logged in on the server yesterday as the crownvip username from a Korean IP which, after I port scanned it, seems to be a proxy. I did not give too much attention to that, but this account password is on my Gmail account and it's 8 numeric letters only. I do not believe that they brute-forced sshd to get this account, as I installed BFD (Brute Force Detection) on the server while I was hardening it.

Everything is recovered and we are working to bring the server live while we upload the deleted backups back to the server.

Backups already recovered

