Padre
around 8pm tayyar.org got defaced for some time and then it was all chaos, between defaced and not so normal site.
now it's back up and running
here are some screenshots taken by a friend of mine
admin edit: to whom it may concern, neither Padre nor LebGeeks is responsible for the act represented in the following picture.
can't upload the rest now, maybe later.
mezin
kewl !!
mir
well Padre.. u did it again :P ...
There was also a DOS on the site
well regardless of political opinion
I believe that this kind of stuff conflicts with the values of the ppl doin it
I mean, there should be respect and democracy and those kinds of values
and defacing kinda conflicts with the above values
and really.. no one can shut anyone up in leb
anyway..maybe they should have put some kind of message on the site.. or add a pop up or something
not a complete deface
rolf
cool
was there a dos on lfpm.org?
samer
Am I a predictor or what? While I was on the site at ~4PM yesterday, I noticed a database error and figured something was messing with their web site. At first I thought it might be database overload because of the high traffic the site is getting. But soon after I realized something was wrong..
Looks like zone-h didn't mirror it! Oh well.. too bad.
Oh and, I don't want this conversation to turn into politics.
Padre
no .... NOT ME :P
sorry about that, but this time it's not me :)
battikh
it was 12:57pm and a wednesday at your friend's when it was around 8pm and a thursday in lebanon? using a proxy in saudi arabia? today is rainy where he is? he has a toshiba? seems it has plenty of ram.
samer
It wasn't a DoS but if it were, I think it would be attacked by hundreds (thousands?) of zombies rather than a single computer doing it. That is, if he (or they?) did not use a vuln that leads to a DoS attack.
Padre
there wasn't any DDos ....it was a deface
and i think the admin had to restart the machine for some checks
i received that email in a forward. so don't really know who the original guy is.
but how did u know about the ram?
battikh
i didn't :P but I mean he opens a lot of windows and has many plugins in firefox and has a lot of stuff in his taskbar and runs WoW at the same time :P
I mean, applications in taskbar+5 tabs in firefox+plugins+windows media player+7 conversation windows in msn+4 internet explorer windows showing pictures+paint+WoW+he takes a 1440x900 screenshot
mir
hide IP : 212.138.64.144
the proof he has lot of ram is that he is using 4 ie7 windows
media player
that means he has lot lots lots of ram to be able to run those
and since he never considered alternatives.. then.. it makes u think so :P
battikh
the hide IP: 212.138.64.144:80 is a saudi proxy if i'm not wrong.
and the 4 IE7 windows are 4 different windows, not tabs, so each one could even contain more than 1 tab :P
Padre
yeah correct
ache4-0.jed.isu.net.sa (212.138.64.144)
212.138.64.0 - 212.138.70.255
Internet Service Unit ISU
KACST ROLE
Saudi Network Information Center, ISU
King Abdulaziz City for Science and Technology,
P.O.Box 6086, Riyadh 11442, Saudi Arabia.
+9661 481 3933
+9661 481 3254
samer
Padre, i was establishing the link between battikh's reply and the one Mir made :)
There was also a DOS on the site
seems it has plenty of ram.
===>
I think it was a DDoS by hundreds (thousands?) of zombies rather than a single computer doing it.
battikh
okay, now we know that the guy:
-uses win XP :P
-has a toshiba laptop
-should have at least 1GB of ram
-uses a proxy in saudi arabia
-uses firefox and IE7
-has a 1440x900 screen resolution (using an external LCD screen? a docking station?)
-chats a lot :P
-uses google web accelerator
but still 1 problem:
if the defacement happened on thursday at 19:00 beirut time (depending on tayyar's site), how come it's still wednesday where he is? is he a person coming from a parallel universe?
Padre
lol...think about time zones...
battikh
i did, but it makes more than the maximum.
I mean, on his computer: wednesday 12:57pm
attack on tayyar's site: thursday 19:00pm
which makes a difference of 30h and (as far as I know) there is not a GMT-28 :P
i'm still on my first deduction, he lives in a parallel universe
Padre
ok then maybe the page was opened, and then screen shots were taken later :)
or the date was modified.
anyway, i don't think that the guy that sent the pic is the one that hacked the site
MegaCool
Maybe the date and time properties are just wrong, because I visited the site at 21:06 and it was still hacked.
Padre
yeah probably.
anyway, i would be interested to know how this was done. since i'm sure lots of ppl were trying to deface the site and it must be pretty secure. so let's come up with "how-to" for this one. any ideas ?