Philippine Air Force Site hacked
The picture above was of the hacked PAF.mil.ph site that was posted on Technews-ihaw.blogspot.com (my favorite philippine counterpart to zone-h.org)
How can we help the sysad of PAF.mil.ph? What can we figure out about this? Let me start by stating some of the obvious:
1. The site is running on Windows 2003 and hosted by IPG (PLDT) with IP address of 58.71.21.8
2. The hackers are EscMan, Lyscanh, icekiller, solidnuts,Venoxvx, and Xgen…So they are probably a hacking clan/team. Where are they based? probably Brazil.
3. They have a vulnerability scanning tool called xroot.
4. They are found in Irc.GigaChaT, main channel
So the questions here are:
1. Was the windows 2003 properly patched?
2. Was the windows 2003 server protected with a good anti virus package?
3. What did the weblogs and eventlogs show? (if the PAF sysad can share snippets with us…it would help identify the vulnerability)
Filed under: Computing, Security
