What

Another (lame) web defacement. This is the second time I've defaced these domains, and the fifth time I've received their spam crap.

Where

When

Shortly after being spammed from the same fucking system I was last time. For those who didn't see my last little note, I was pissed off after receiving a pile of junk mail sent from highway235.com's inept management, who quite obviously wouldn't know responsible online marketing if it bit them in the arse.

Why

I received this spam for dodgy aphrodisiacs the other day, and left a nice note to the site's owners about responsible online marketing practices. Now I receive more spam from them? WTF. Damn spammers.

So here I am again.

        Useful Links

  • Info on Spam: Boycotting spam e-mail promotes responsible online commerce.
  • CAUCE: Join the fight against spam.

        These guys would love to hear from you

  • H.A. Hunter, owner of otcstockletter.com, can be contacted on +1-713-227-5455. He'd love to know how his product is being represented online
  • Tommy Brock, administrative contact for highway235.com would appreciate feedback on the flaws in his marketing campaigns on +1-513-743-6185

Who

I'm Vortex, a minor who is not interested in making the little guy stand to attention with dodgy pills, nor am I interested in being told which penny shares to buy. I don't have a credit card, I'm not old enough to buy half this crap, and it's irrelevant to me as I'd trade stocks and shares in my home country if I was going to do it at all.

How

Last time it was through the BIND < 8.2.2-P5 buffer overflow exploit (detailed at CERT), which I patched after exploiting, upgrading their nameservers to a secure release. The admin was informed of the remaining ways I had to access the system, and I requested that they refrain from using bulk mail to market their products. This time, I noticed my backdoor was still in place (!!).

Again, I haven't damaged anything (despite making threats about "if it happened again...", I'm not going to rm -rf anything because that would make me worse than the spammers. Plus, I don't think the system admin is such a bad guy, he appears not to have any part in the spamming. Personally I reckon he should find a job at a company with ethics...)

OK admin guy, here's how to close my holes (Oooh yeah baby! ;) ). Look in /tmp/.b/, these are your original binaries (ps, netstat, etc). Copy them over the ones reported by which [binary], as the ones in place are trojaned to hide my bindshell backdoor. Remove /usr/bin/prnmon (Sorry, I said this was /usr/bin/sh2 in my mail, I forgot I renamed it!). Edit /etc/rc.d/init.d/crond and remove the line that starts up /usr/bin/prnmon. Remove my SUID shell in /tmp/.X11. Check /etc/shadow and remove the password hashes for the accounts near the top which shouldn't have passwords. Oh, and please talk to the management about marketing online properly, and get them to read the spam.abuse.net URL for information on what they're doing wrong. Oh, and buy the latest copy of Redhat, if you must use it, rather than leave an old pile of crap online.

More Gibberish

userfriendly.org
  • "How ironic!": The next userfriendly.org cartoon in the series. Wonder if I'll get to post an entire week's worth of these?
  • This is not hacking, it's cracking. Hacking is legal, fun and productive. Cracking isn't.
  • The RIP Bill was passed in the United Kingdom recently, this is a sickening attack against the privacy of its citizens, allowing the state to silently intercept electronic communications in a manner much akin to that of Orwell's 1984. The only other countries with similar laws are Russia, Singapore and Malaysia... mmm, love those human rights records over there... Protest RIP!
  • Once again my mates get to see their names in lights, as I do the usual script kiddie thing of shouting out to everyone I've ever met... Actually, here's a select few. Annepie, Andy, LabSix, #pde crew (as in most of the people I know IRL these days... But Astraea, Squinky, Hypo, Raven, Charlotte, Tub n'Astro in particular), Proteus, Mel, Rune, Sarah, Cube, Digital Blasphemy and that lot. 'Specially "m4d gr33tzzz" to Squinky and Astraea... who're quite obviously made for each other <grin>

Well that's enough lameness for now. Later. Hopefully it won't be a hat trick ;). V.
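
The cleanup checklist in the "How" section, turned into a read-only audit; this is an added example, not part of the original note. The root-path argument, the UID cutoff of 500 for system accounts and the list of binary directories are assumptions.

```shell
#!/bin/sh
# Added example: audit a tree for the artifacts the note lists.
# $1 is the tree's root (assumption: "" for the live host, or the mount
# point of a disk image). Prints one FOUND line per hit; returns 0 if clean.

audit_note_artifacts() {
    root="$1"; n=0
    found() { echo "FOUND: $1"; n=$((n + 1)); }

    # Backdoor binary and the init-script line that starts it.
    [ -e "$root/usr/bin/prnmon" ] && found "/usr/bin/prnmon"
    grep -q '/usr/bin/prnmon' "$root/etc/rc.d/init.d/crond" 2>/dev/null &&
        found "crond init script starts /usr/bin/prnmon"

    # SUID file at or under /tmp/.X11.
    for f in $(find "$root/tmp/.X11" -type f -perm -4000 2>/dev/null); do
        found "SUID file ${f#"$root"}"
    done

    # Stashed originals that differ from the installed copy of the same
    # name, meaning the installed ps, netstat, etc. were replaced.
    for orig in "$root"/tmp/.b/*; do
        [ -f "$orig" ] || continue
        name=${orig##*/}
        for dir in bin sbin usr/bin usr/sbin; do
            cur="$root/$dir/$name"
            [ -f "$cur" ] && ! cmp -s "$orig" "$cur" &&
                found "/$dir/$name differs from /tmp/.b/$name"
        done
    done

    # System accounts (non-root UID below 500, an assumed cutoff) whose
    # shadow entry holds a usable hash instead of "*", "!" or "!!".
    if [ -f "$root/etc/passwd" ] && [ -f "$root/etc/shadow" ]; then
        for u in $(awk -F: 'NR == FNR { if ($3 > 0 && $3 < 500) s[$1]; next }
                  ($1 in s) && $2 != "" && $2 !~ /^[*!]/ { print $1 }' \
                  "$root/etc/passwd" "$root/etc/shadow"); do
            found "system account $u has a password hash"
        done
    fi
    [ "$n" -eq 0 ]
}
```

Because the note says the installed ps and netstat hide the backdoor, run this against a mounted image or from known-good media rather than with the host's own tools.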