...

Q: Are you saying we have hacked you?

On the contrary! During the analysis of a security breach that happened in our constituency, we found evidence indicating that the hackers may also have your systems on their radar.


Q: I have received a notification from ACOnet-CERT regarding the 750x7 issue. How do you know?

Note: The following applies only if you received a notification by ACOnet-CERT regarding this issue.

We had to analyse a security breach in our constituency (that is: a site was hacked and we looked into it). We found several pieces of data with IP addresses. We did our best to interpret these and notify the owners of these addresses. Any background information we can give is on this wiki page.

Q: Can you prove it? Send me logfiles!

Short answer: No. Sorry, that can't be done.

Long story: Following our investigation, we alerted the owners of any IP addresses we came across that they may have a security problem and suggested that they check the corresponding systems. We do not state that a compromise has taken place or that a vulnerability is present. Operators will have to decide for themselves whether they want to take the time to check. We made quite an effort to

  • compile this wiki page
  • interpret the different pieces of evidence we could get hold of
  • try and determine which other systems are involved.

As a service to the community, we sent warnings to these sites. This was a large number for us (although we're used to handling notifications automatically). Dealing with gazillions of bounces and autoreplies was an even bigger workload. But most importantly: It was absolutely worth the hassle! Our mission is, after all, to make the internet more secure.

We regret that we must decline requests for individual log files or "proof needed by our customer to start the investigation". At some point, we have to protect ourselves from getting DDoS-ed, as this would impair our mission. To start the investigation, all that's needed is on this wiki page, and we'd be happy to improve it if necessary.

Q: Can you check if my site is secure?

Testing for vulnerabilities could arguably be interpreted as hacking. We never launch "hacker tools" against sites outside of our constituency.

Q: What does the name 750x7 stand for?

...