Friday, November 16, 2012

Everyone’s a hacker in PH nowadays

Seems like the number of groups claiming to be hackers in the Philippines has increased tenfold since the success of the anti-Cybercrime Law operation. Forums of these hacking groups have also surfaced, containing cracking tools and tutorials readily accessible to the public. Side note: I just have to say that the quality of the setup of these forums blows; loading times are so slow, and one of the forums even copied content from the “Diablo III” website.

Yesterday, November 16, our site was the target of a DDoS attack in an operation called “Black Friday” by lesser-known Filipino hackers, which the main hacking groups later said was not sanctioned by them, saying that this particular Friday was not their specified operation date. Fortunately for us, we survived yet another attack. Disclosure: yes, we get intrusion attempts on our site weekly. What I don’t get is why our site is being targeted by these hackers when we are the ones helping them. Such is life on the other side of the fence. I remember back in the old days, when a hacker targets, he hits. His agenda is not popularity (well, maybe a little) but curiosity. We like to quote the age-old adage: I do it because I can.

As of the moment, the post that contained the link to the DDoS app has been removed from the Facebook page of the hackers (or should I say crackers).

Looking at the posts and comments on the Facebook pages of these supposed hackers, I cannot help but see that the quality of the posts is degrading. What started as a heroic fight against the Cybercrime Prevention Act of 2012 has now become just a portal for “skids” (experienced hackers know what I mean). Bashing a person just because he/she differs from the general opinion has become a trademark. What happened to the freedom of speech we are so dearly fighting for?

Yesterday’s attacks were about the Ampatuan trial. I get that, that’s cool. What I do not get is that the attacks happened on sites that do not have any relevant connection with the trial. Examples: http://www.loto.com.ph/, http://www.votek.com.ph/, http://www.sanjosecity-ne.gov.ph/index.php, etc. Even a website for Christians, http://www.resurrectionparish.com.ph, was attacked.

One reason would be that they were trying to raise awareness, which is why these seemingly unconnected websites were defaced. I get that. They can.

In the end, I just think that these continuous defacements are not doing the country any good. Foreign hackers even see us as easy prey. If they would really like to help strengthen our cyber defenses, they should notify website admins of vulnerabilities. Oh, I know that some of the government webmasters have too high a sense of pride to listen or are just not technologically adept enough to plug these holes; I have met some of them. But this trend is changing. They are security conscious now, and that is because of the hacking groups with good intentions.

We all want to help the country. That is part of why I applied in the government, and I encourage you to do the same. Even if the salary is small. Cheers.

Friday, July 6, 2012

Prevent Apache and PHP from disclosing any information about themselves

 

/etc/apache2/apache2.conf

    ServerTokens Prod
    ServerSignature Off

/etc/php5/apache2/php.ini

    expose_php = Off
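To confirm the three settings took effect, the response headers and an error page can be checked for what each directive is meant to suppress. The following is an added example, not code from the original post; `audit_disclosure()` is a hypothetical helper name and both sample responses, including the version strings in them, are constructed.

```php
<?php
// Added example: audit_disclosure() is a hypothetical helper, and both
// sample responses below are constructed for illustration.
function audit_disclosure(string $rawHeaders, string $body): array
{
    $findings = [];
    foreach (preg_split('/\r?\n/', trim($rawHeaders)) as $line) {
        if (strpos($line, ':') === false) {
            continue; // status line, no header name
        }
        [$name, $value] = array_map('trim', explode(':', $line, 2));
        $name = strtolower($name);
        // With ServerTokens Prod the header is reduced to "Server: Apache".
        if ($name === 'server' && preg_match('~[/\d(]~', $value)) {
            $findings[] = "Server header shows version or OS: $value";
        }
        // With expose_php = Off PHP stops sending this header.
        if ($name === 'x-powered-by') {
            $findings[] = "X-Powered-By present: $value";
        }
    }
    // With ServerSignature Off the footer on error pages disappears.
    if (preg_match('~<address>\s*Apache[^<]*</address>~i', $body, $m)) {
        $findings[] = 'Error page signature: ' . strip_tags($m[0]);
    }
    return $findings;
}

// Constructed response from a server still using the default settings.
$before = "HTTP/1.1 404 Not Found\r\nServer: Apache/2.2.22 (Ubuntu)\r\n"
        . "X-Powered-By: PHP/5.3.10\r\nContent-Type: text/html";
$beforeBody = '<address>Apache/2.2.22 (Ubuntu) Server at example.test Port 80</address>';

// Constructed response after applying the three directives.
$after = "HTTP/1.1 404 Not Found\r\nServer: Apache\r\nContent-Type: text/html";

print_r(audit_disclosure($before, $beforeBody));
print_r(audit_disclosure($after, '<h1>Not Found</h1>'));
```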

Sunday, June 3, 2012

The hacking of a government website–28 May 2012

(I just really need to document this, to serve as a reminder to be more vigilant and more careful about what I do and about the websites I administer. A reminder to myself that even if the code is secure, it is even more important that the server is secure too.)

28 May 2012, 7:30 in the morning at the office, we noticed that Chinese hackers had indeed gotten into the website. I immediately emailed our host (ePLDT Vitro). My email included the 2 .php files that the Chinese hackers had inserted. They were able to place a file, which means they had already compromised the server. What is regrettable is that we have no access to the server, only PLDT does, so there was nothing we could do but wait for them.

Other details of what happened can be seen here: http://zone-h.org/mirror/id/17724467

After searching the net for information about the Silic Hacker Army Group, I found their forum, and what they did to our website is detailed there:

original chinese post

If only someone could translate this more clearly than this Google Translate version:

as-translated-by-google-translate

The downfall of the site, as I see it, is that it is hosted in a shared environment. When one site is vulnerable, the other sites can be seen as well. Although I know that their real target was doj.gov.ph, firstmetro.com.ph can also be read there, which I suspect is the site the Chinese hacking group got into first.

I had already reported this to the ePLDT helpdesk on 28 May 2012, because only they have access to the servers.

Come the night of 29 May 2012, a hacker got in once again, this time a Filipino group. Using the hole left by the Chinese hackers, this is what they put in the db to redirect to their deface page: <META HTTP-EQUIV="Refresh" CONTENT="0; URL=http://organicx.co.za/PRIVATEX/">

Now, I must not stop until the site has been moved to new hosting that is dedicated and has an updated setup, which is what I should have done ever since I started to work here.

Thursday, January 5, 2012

Sura Build

 

EF/GOH type
Str - 115 + 16(n=buffs&job bonus)
Agi - 1
Dex - 75 + 17(n)
Vit - 95 + 5 (n)
Int - 86 + 14(n)
Luk – 42

Carga Mace

Thursday, October 20, 2011

Tips to Help Fellow Philippine Site Administrators - Part 1

This is meant to help and to give some real tips to my fellow site administrators or anyone in charge of maintaining a government/private website, especially now that a lot of hacking/defacing incidents are happening in the Philippines.


First and foremost, I know that most government sites are hosted on free or substandard hosting packages because of budget constraints or the "pwede na" ("good enough") attitude of their IT admins. This results in low security and unavailability of updated versions of software. (Note: at least enable .htaccess or folder policies and configure them properly.)

As I watch and read about these incidents, the common messages given by hackers and by some IT correspondents interviewed by reporters are ‘please sanitize your code’ or ‘improve your security’, but how exactly do we do that? The goal of this letter is to give pointers on how exactly to ‘sanitize code’ and ‘improve security’.

Please note that I am not an expert certified by a dozen ethical hacking certificates, and keep in mind that this list is not an end-all; software is always evolving, but I assure you that these tips will get you up and running in securing your sites.

‘Sanitize your code’
  1. Check $_GET, $_POST, $_REQUEST and $_COOKIE. These inputs, which are commonly used in forms and variable URL parameters, are entry points for SQLi and XSS attacks.

    Example:

    In PHP, use mysql_real_escape_string($_GET['var'])
    ^- can be wrapped in a function

    Learn how to use stripslashes(), urldecode() and
    preg_replace() in PHP.


  2. To combat those redirect URLs, use strip_tags(), htmlentities(), etc. on your content.

    Tip: after every query, apply strip_tags() or any other code you prefer to clean text data before displaying any content, so that even if content like <script> http://pastehtml.com/view/defacepage.html</script> is already in your database, it will not be treated as HTML markup because the <script> tags will be removed.


  3. Do not use $_GET, $_POST, $_REQUEST, etc. in SQL queries without cleaning them first. Use parameterized queries and stored procedures in queries if possible, though I have yet to see government agencies that use stored procedures often.

    Example:

    Do not use:

    $q = "SELECT * FROM table WHERE ID='" . $_GET['id'] . "'";

    Use:

    $param = mysql_real_escape_string(strip_tags($_GET['id']));

    $q = "SELECT * FROM table WHERE ID='$param'";
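The parameterized query mentioned in tip 3 and the output cleaning from tip 2 can be combined as follows. This is an added example, not code from the original post: it uses PDO because the mysql_* functions were removed in PHP 7.0, and it encodes output with htmlspecialchars() instead of the strip_tags() suggested above. The table, column and function names are hypothetical, the data is constructed, and the pdo_sqlite extension is assumed so the example runs without a database server.

```php
<?php
// Added example, not from the original post. Table, column and function
// names are hypothetical; the in-memory SQLite data is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO news (title) VALUES ('Press release')");
// A row that already contains injected markup, as in the tip for item 2.
$db->exec("INSERT INTO news (title) VALUES ('<script>alert(1)</script>')");

// "Do not use": request input concatenated into the SQL text.
function find_unsafe(PDO $db, string $id): array
{
    return $db->query("SELECT id, title FROM news WHERE id = '" . $id . "'")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized: the value is sent separately from the SQL text.
function find_safe(PDO $db, string $id): array
{
    // Validate the expected type first; anything but an integer is rejected.
    $intId = filter_var($id, FILTER_VALIDATE_INT);
    if ($intId === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, title FROM news WHERE id = :id');
    $stmt->bindValue(':id', $intId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode on output so stored markup is displayed as text, not executed.
function render_title(array $row): string
{
    return '<li>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '</li>';
}

$input = "1' OR '1'='1"; // constructed request value
// The concatenated query lets the input rewrite the WHERE clause.
echo 'unsafe rows: ', count(find_unsafe($db, $input)), "\n";
// The validated, parameterized query never treats the input as SQL.
echo 'safe rows: ', count(find_safe($db, $input)), "\n";
foreach (find_safe($db, '2') as $row) {
    echo render_title($row), "\n";
}
```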