Collaborative Computational Project Number 14
for Single Crystal and Powder Diffraction
Server Security Information
Why bother with Computer System Security and Securing Web Servers?
The CCP14 Homepage is at http://www.ccp14.ac.uk
Q: Why bother trying to keep up to date with patches, etc., for
securing a server visible on the internet?
A: Because if you don't, the odds are that a script-kiddie hacker will
easily discover exploits in your server. You will then come in one morning
and see something like the following instead of your real web page (or
experience the fun of recovering from a hacker-erased hard disk):
- "Lion Internet Worm" DDOS Targeting Unix Systems
- Lion Find:
- Highly destructive Linux worm mutating:
- "This one includes a feature similar to one in the Ramen worm, which
altered the Web pages of hacked HTTP servers with the message
"Hackers looooooooooooove noodles," signed by the "RameN
The new Lion worm sets up an HTTP server on port 27374 and
erects a page bearing greetz from the Lion crew, Fearnow told us.
All versions (there are three now) are virtually idiot proof,
fire-and-forget tools. Each package contains a scanner which
generates random class B addresses searching for an opening on
port 53. It then queries the version, and if it finds it's vulnerable, runs
a well-known BIND 8 transaction signature (TSIG) handling code
exploit, and installs the t0rn rootkit."
- "We were hasty this week in our initial coverage, where we took a
swipe at the FBI's National Infrastructure Protection Center (NIPC)
over a Lion advisory bulletin of theirs which we deemed alarmist."
- "So the NIPC bulletin is a bit gaseous, but not as grossly flatulent as
- FBI hacker sleuths hint at power-grid disaster
- "The network in question was stupidly configured for anonymous FTP
login with read and write privileges, pretty much a welcome mat for
anyone in cyberspace to post and retrieve files as they please.
Naturally some kids set up a game, with which they managed to
gobble up most of the network bandwidth.
The incident occurred because hopelessly incompetent network
administrators essentially left the door open, the lights on, and set
out milk and cookies for their anonymous guests. Technically
speaking, they left the writable FTP directory and its sub-directories
owned by the FTP account rather than by root, which would have
reserved write privileges to the network admins."
- ""Hacked" it most certainly was not. Trespassing is about the worst
offence one could claim here; but with no access control whatsoever
in place, there isn't, therefore, any digital "No Trespassing" sign in
evidence, and one might argue that they had no reason to believe
that the owner didn't intend to make his FTP account available for
public use."
- Redhat worm touts instant noodles ('Ramen' worm):
- Hacking Linux BIND servers becomes child's play:
- BIND holes mean big trouble on the Net:
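
The anonymous FTP misconfiguration quoted above (upload directories owned by the FTP account rather than by root) can be checked for on your own server. The audit below is an added example, not part of the original page or the quoted articles; the sample directory layout is constructed, and the FTP account's uid and gid are passed in as parameters rather than assumed.

```python
import os
import stat
import tempfile


def audit_ftp_tree(root, ftp_uid, ftp_gid):
    """Return sorted (relative_path, reasons) for each directory under
    root that the anonymous FTP account is able to write to."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root, followlinks=False):
        st = os.lstat(dirpath)
        reasons = []
        if st.st_uid == ftp_uid:
            # An owner can always chmod its own directory back to writable,
            # so ownership alone is a finding whatever the mode bits say.
            reasons.append("owned by FTP account")
        if st.st_gid == ftp_gid and st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable by FTP group")
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
        if reasons:
            findings.append((os.path.relpath(dirpath, root), reasons))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample layout, not taken from any real server."""
    root = tempfile.mkdtemp(prefix="ftp-audit-")
    for rel, mode in (("pub", 0o555), ("incoming", 0o777),
                      ("incoming/games", 0o775)):
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask cannot interfere
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    # Stand-in ids: the current user plays the FTP account here. On a real
    # host pass the uid/gid of the account your FTP daemon runs logins as.
    for path, reasons in audit_ftp_tree(root, os.getuid(), os.getgid()):
        print(f"{path}: {', '.join(reasons)}")
```

Any directory it reports should be re-owned to root with write permission removed, unless it is a deliberately provided upload area.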