Mac sites are being hacked by blackhat XSS hackers
Posted by xssworm on November 23rd, 2007
Many Mac web blogs have recently been defaced by hackers using 0day XSS (cross-site scripting) exploits against Wordpress.
One victim of the 0day XSS, Miles Evans of MacApper.com, writes:
“I took the liberty of analyzing the hack a bit in the hopes it helps others prevent this from happening to them. Although we had updated our blog to the latest version of Wordpress, near as I can tell the hack was accomplished via an XSS (cross site scripting) exploit. By executing some malicious code in the query string the hacker was able to write to our .htaccess file the following:
#this is for rotten mac fanbois - suck it down.
#RewriteRule ^divider.png$ /rotten/divider.png [L]
#RewriteRule ^rotten.jpg$ /rotten/rotten.jpg [L]
#RewriteCond %{REQUEST_URI} !^/rotten.*
#RewriteRule !rotten/index.html$ /rotten/index.html [L]
The problem is that the exploit appears to be unknown to Wordpress as far as I can see (I will be reporting it to them), so other Wordpress blogs may be susceptible. I wish I could offer more help.”
“[…] By default WP wants to handle the .htaccess file dynamically so it needs to be set world writable. We tweaked this before putting the blog back online and we should be safe now. If anyone needs a hand feel free to email me (milesevans _AT_ macapper.com).”
“When I was using XOOPS I got hacked once but all the little retard did was create a file called index.html. All I did was alter the Apache file so that PHP files were executed before HTML files and any hack after that from little brained people would have been thwarted. Any further attempts to hack WordPress are thwarted by a simple permissions change. Of course .Mac accounts are different because the hacker would first have to find your machine, intercept the Kerberos encrypted password (yeah, good luck on that one), and then do some damage. Considering many .Mac pages are edited using iWeb then any hacked pages would be up for a grand total of… however long it takes to upload to .Mac. Hell, comment floods can be removed simply by clicking the comment box and hitting delete in iWeb.”
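The two conditions the quotes above describe, a world-writable .htaccess and rewrite rules that Wordpress did not put there, are both easy to check for. The script below is an added example written for this page, not code from MacApper or the Wordpress project. It assumes a POSIX sh environment with awk, and that Wordpress's own rules live between its usual "# BEGIN WordPress" / "# END WordPress" markers (anything else touching mod_rewrite is treated as foreign). The sample .htaccess it builds is constructed from the rules quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Wordpress .htaccess for
# a world-writable mode and for rewrite rules outside the WordPress-managed block.

# is_world_writable FILE: succeeds if the "other" write bit is set.
# Parses ls -l rather than stat, because stat's flags differ between GNU and BSD.
is_world_writable() {
  [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# foreign_rewrites FILE: print every RewriteRule/RewriteCond line (commented
# out or not) that sits outside the "# BEGIN/END WordPress" block. WordPress
# regenerates its own block; anything outside it was written by someone else.
foreign_rewrites() {
  awk '
    /^# BEGIN WordPress/ { inwp = 1 }
    /^# END WordPress/   { inwp = 0; next }
    !inwp && /Rewrite(Rule|Cond)/ { print }
  ' "$1"
}

# count_foreign_rewrites FILE: number of such lines, as a plain integer.
count_foreign_rewrites() {
  foreign_rewrites "$1" | wc -l | tr -d ' '
}

# audit_htaccess FILE: returns 0 when clean, 1 when either finding fires.
audit_htaccess() {
  rc=0
  if is_world_writable "$1"; then
    echo "FINDING: $1 is world-writable; fix with: chmod 644 $1"
    rc=1
  fi
  n=$(count_foreign_rewrites "$1")
  if [ "$n" -gt 0 ]; then
    echo "FINDING: $n rewrite line(s) outside the WordPress block:"
    foreign_rewrites "$1" | sed 's/^/    /'
    rc=1
  fi
  return $rc
}

# write_sample FILE: a constructed .htaccess with WordPress's standard block
# (lines 1-10) followed by the rewrite rules quoted in the post. Sample data.
write_sample() {
  cat > "$1" <<'EOF'
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
#RewriteRule ^divider.png$ /rotten/divider.png [L]
#RewriteRule ^rotten.jpg$ /rotten/rotten.jpg [L]
#RewriteCond %{REQUEST_URI} !^/rotten.*
#RewriteRule !rotten/index.html$ /rotten/index.html [L]
EOF
}

# Demo when run as "sh audit.sh --demo": build the sample, make it world-writable
# as many Wordpress installs were, audit it, apply the fix and check again.
if [ "${1:-}" = "--demo" ]; then
  f=$(mktemp)
  write_sample "$f"; chmod 666 "$f"
  audit_htaccess "$f" || echo "audit: $f needs attention"
  chmod 644 "$f"
  is_world_writable "$f" || echo "after chmod 644: no longer world-writable"
  rm -f "$f"
fi
```

The permissions check is the fix Evans describes (Wordpress only needs write access to .htaccess while it is regenerating permalinks, so 644 with a manual edit when needed is the safe default); the rewrite check is the detection side, since a defacement like this one leaves its rules outside the block Wordpress manages. Running the audit from cron against every docroot on a shared host turns the post's one-off forensic observation into a repeatable control.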
Another reader, Chris, asks the very question that came into our mind as we read this report:
“To even GET data to the server, it would have to be a type 2 attack. I doubt this was overlooked in the release of WordPress 2.3.1, since the primary release was for security. Secondly, the vulnerable page would have to be a publicly accessible page, making a type 2 XSS even more rare. Finally, why would you possibly leave your HTACCESS file world-writable, and how would this “hacker” write files back to your server using a type 2 exploit anyways? At most it could be redirected to another site. Please explain.”
Wookie offers more technical advice:
“It’s more common than you know. This was something that needed to be done on older versions of XOOPS. It had to have at least administrator rights to access the file but the passwords etc are all plain text so it’s reasonably easy to hack a PHP based content management system and WordPress is no exception.”
Another Macintosh web blog, GlenWolsey.com, a Mac blog hosted on blogspot, has been taken down by a blackhat XSS hacker. The black-hat technique used in this attack was again a Wordpress XSS that overwrote a world-writable .htaccess file.
A quote from the hacked site: “This website has been flagged for excessive Apple fanboism, and has been taken down for 24 hours. This is a message to the rest of the Mac community, so listen up. Ever heard of hubris? Tone it down, and you will not be attacked. Everyone else is open game.”
The XSS Blackhat hacker, known as Malcor, has posted many threats to his own pages:
“The target will be posted on this site once the attack begins. I will be sending said target a note with a heads up before. Hopefully, by the end of the attack, a sea change will begin to happen. Does anyone disagree with me that the Mac world be a much more pleasant place if smugness wasn’t tolerated?”
“The attacks will be untraceable, and unstoppable.”
Source: http://malcor.blogspot.com
November 23rd, 2007 at 11:32 am
Just who are you, Malcor? You think you can make a big shot name out of yourself by tanking a few measly sites? You want to do something special, hack the big boys, hack Apple.com. I bet you don’t have the nerve to do that, well, newsflash, you will accomplish nothing doing what you are doing now. You’re a smudge on Apple’s corporate windshield and someone is gonna come along with the legal Windex soon enough, I hope you have your lawyers ready.
I’m calling you out Malcor, hack http://www.apple.com right now or I decree from this point on that you are a two bit nothing that no one should take seriously and should be forgotten!
These people are like animals, and as such they must be treated like animals, when communication fails, you pull out the rolled up newspaper. In other words, the only thing that gets through to the oblivious and ignorant is the reaction to their own actions, unfortunately some manage to treat others like the dirt under their shoes for very long before any foul fate befalls them.
I have a feeling Malcor’s targets are very limited, as he is not actually smart enough to pull off a real hack and take down someone like MacNN. If I am correct he is DNS cache poisoning, which only about 5%-10% of the sites on the net are vulnerable to. Thanks to Malcor, his targets and other possible targets will probably be looking to fix their security.
Why, may you ask? Because I did the proper thing and steered clear of sites like them, unlike professional douchebag #584 here who would rather assault other people’s webpages to combat some nonexistent plague on mankind.
I’m not particularly angry, if I was you would know it, but that doesn’t mean I will spare him the business end of the brutality stick. I want him to just know how self absorbed he is, whether it dawns on him now or later is not a matter. But eventually his stupidity will fall down on him, and guessing by the type of personality he has, I’m guessing it won’t be until he is staring down at a court subpoena with his name on it.
I’ve met plenty of his type and I don’t cut them any slack, they think that just because something isn’t just how they want it it’s their god given task to walk all over them. Well guess what, you’re the plague, you want to see smug and self satisfied? Look in the mirror.
What do you expect to accomplish by this then? Pissing off a few people who don’t care? They will have their sites back and soon enough and chances are one of them will get pissed enough to bite back. In the end you did nothing but humiliate yourself and make Windows/Linux users look like rabid wolves. Even other hackers hate you for this.
http://macteens.com/magazine/features/fullstory/what_the_is_a_malcor/
You wanna do something useful? Hack someone that will actually have an effect, right now all you are doing is piddly shitting around on the fringe of fanboyism.
Just wondering, what is this, DNS poisoning?
signed,
gravian the mac user.
November 27th, 2007 at 3:45 pm
Malcor was a hoax. At least one affected party, a software vendor, is determining how to go forward legally against the folks pretending to be Malcor.
November 27th, 2007 at 7:57 pm
Yes, Steve is correct, as many of us suspected.
Xssworm.com does not support the gaming of search engines and web 2.0 social networks by blogging about hacking.
November 29th, 2007 at 2:01 am
Boycott Mac Heist. It’s really that simple.
If you’re involved with MacHeist in any way, I’d like to take a moment to thank you. I wondered if you were all as big a bunch of tossers as I suspected and you have now removed any doubt in my mind. So thanks.
Pretending to be a hacker named Malcor, these tools claimed to have hacked various mac community websites on the grounds that the community is too smug for its own good and needed to be taken down a peg (mmmmmmmmmmmm…. *strokes neckbeard*)
I’m angry with MacHeist and the people who went along with their crackpot idea for a number of reasons:
It’s irresponsible:
We have enough computer security issues to deal with without having to chase our tails looking at made up ones.
It’s inconsiderate of others:
The impact to wordpress and ExpressionEngine and their users of a vulnerability could be considerable in terms of time and expenses lost trying to patch a hole in software and deal with the damage to their reputation that being caught out this way can bring.
It is highly irresponsible of MacHeist and their co-conspirators to inflict this expense on those people and those companies for the sake of a childish joke and some free PR.
It diminishes the integrity of similar websites:
There has been considerable debate in the past about whether or not bloggers are journalists in some way. I’ve tended to stay out of this for a number of reasons, the chief of which being that I felt the whole question was astonishingly pretentious and that the idea that simply posting to a website on a regular basis gave you the rights and responsibilities of a journalist (such as they are) was patently absurd. However, not everyone agrees with me, or else the question would never have arisen.
If you want people to take your opinions seriously, you must behave in a responsible and serious manner. That isn’t to say that you can’t have a joke every now and again, but rather that you need to have limits and ethics that define your limits; what you will or won’t say, what you will or won’t do, what you will or will not become involved in.
This is the problem with these sites who participated in the stunt. By taking part in such a cheap trick they have shown that they cannot be trusted to behave in a responsible manner. This might be forgivable for any personal blogs or websites that took part in this but is totally at odds with what you should expect from any other kind of site.
The sad thing is that not only have these people chosen to tarnish themselves, but also by acting in that way they’ve tarnished the rest of us too.
July 21st, 2008 at 4:10 am
Can it be that your server is infected with a virus - I get an Virus warning when I open your site with Firefox - Just for your Info.