Earlier this week, the self-proclaimed “hacker community” Astalavista (not to be confused with the other Astalavista) was itself targeted by hackers. While this site isn’t as popular as it was years ago, I’d consider this a rather high-profile target; in this case, the so-called “anti-sec group” thought so as well. They posted this message after hacking the site:
Why has Astalavista been targeted?
Other than the fact that they are not doing any of this for the “community” but for the money, they spread exploits for kids, claim to be a security community (with no real sense of security on their own servers), and they charge you $6.66 per month to access a dead forum with a directory filled with public releases and outdated / broken services. We wanted to see how good that “team of security and IT professionals” really is.
Apparently they were not that good; this text, detailing how the server hosting the site was hacked and what information was available on it, was posted on the Astalavista site after the hack. It looks like an exploit against the LiteSpeed webserver was used; after that, gaining root access was trivial.
Amongst the other information available were unencrypted passwords and a backup script containing login details for the backup server. After the hackers had a good look around the server, they deleted files on the system as well as the MySQL databases used to hold content and users, and posted a detailed log of what they did.
It looks as though they also managed to remove the remote backups; the site is now back online, but there appear to be lots of sections missing, even though several days have passed. They did switch to a completely different server running Apache instead of the hacked LiteSpeed though: