Anonymous

whsecurity

New member
The line between good and bad is very small and not easy to see most of the times. Every person who protest for his/her rights has the right to do so but must be aware when to stop and for the consequences. Until now I think they move close to the edge but in safe waters.

I like the way they fight.

But the internet have a big bad thing: You don't know who is behind the other screen. So as far as I know maybe is my good neighbour, a prisoner, a 13 years old kid, the same government they are fight or any other...
 

Genesis

Administrator
I thought hackers always operated anonymously? Any way, I know as much that there is something like good hacking and bad hacking. So I'd imagine that Hackers Anonymous would have both types. Bad hacking is when someone does malicious damage to Websites and servers. Now those kind of hackers I don't have any eye lashes for. Particularly when they go for small servers.
 

PeaceSigns

New member
They seem like a bunch of pimply teens in a basement somewhere with a loose definition of rules and ethics. Frankly, I don't mind what they do - but the presentation of their mandate and updates are kinda immature.
 

ChickenFanatic

New member
am not a fan of a large quantity of anonymous, the majority of them are what are commonly termed 'script kiddies'; not hackers,they have hijacked the term hacker to ride the waves of hacker culture and also to make organisations fear them; all they are doing is paint by numbers SQL injection; using a very basic exploit of mySQL [especialy the older versions] and using a old GUI based DoS program to knock sites offline when they all IRC with each other to arrange their play dates.
the minority of anonymous believe in the message they shout and arent just saying it to excuse blackhat behavior.

anonymous isnt one 'organisation',there are lots of factions who believe in different things and have different levels of morals, some are vicious blackhats who will stop at nothing but some are only in it for political and activism reasons.
this is the problem because its one group but all very diverse in terms of legality/morals.
 

Genesis

Administrator
@ChickenFanatic What would your advice be for your small Forum that can't afford expensive servers with loads of security built in. I'm not talking about Gigalicous here as we have specialists on the job as well as are on a state of the art server. What I'm talking about is your guy at home who has a small Forum that has a popular theme discussion wise, enough to be noticed by script kids who are into ddos for sport. What anti-ddos measures would you recommend that would be easy enough for the novice to employ?
 

ChickenFanatic

New member
Genesis said:
@ChickenFanatic What would your advice be for your small Forum that can't afford expensive servers with loads of security built in. I'm not talking about Gigalicous here as we have specialists on the job as well as are on a state of the art server. What I'm talking about is your guy at home who has a small Forum that has a popular theme discussion wise, enough to be noticed by script kids who are into ddos for sport. What anti-ddos measures would you recommend that would be easy enough for the novice to employ?
hi genesis,
from what have personaly seen though luckily not experienced it directly,small/regular/medium sized individual forums are more under threat from SQL injection than DDoS,as the vast majority of forums are based on someone elses hosting business which have better server rigs & security setups than they can afford themselves.

one thing will recommend to all forum admins;especialy those with contreversial topics [such as hacking, even when its nothing to do with the illegal side....politics,religeon etc] is to enlist the help of their community to compile a huge list of all known proxies,VPNs and anonymous websurfing companies-then black list them all so no connections from these can be made to the server,perhaps leave one un listed and tell any regular members who have no choice but to use proxies to access through that one.

hackers tend to pay for a VPS or VPN [which dont produce logs] or daisy chain free VPNs and proxies to make detection as difficult as possible [though truth be told they arent impossible to unravel],many of the blackhat anonymous members use 'hidemyass.com' and it was also what all the lulzsec members used.

those who own their own server [as in,physicaly own it or pay for their own dedi] shoud continuously make use of stress testing software to make sure their hardware and forum are up to the job if a flood suddenly hit,there are some good free open source alternatives available;wish was able to remember names of ones have come across.

forum admins can do themselves a favour by making sure they keep both their database and forum software up to date,as well as updating any exploit patches.
making sure they regulary backup the DB and routinely checking their server/server partition for shells to make sure there are no back doors in the making.
a well known major hacking community didnt do this,the owner did back up often,but he was to busy to check for shells to realise a member with a grudge had backdoored it,nabbed the database,gave it to lulzsec who unsalted the encryption and....well the rest is history.:bomb:
 

Genesis

Administrator
ChickenFanatic said:
a well known major hacking community didnt do this,the owner did back up often,but he was to busy to check for shells to realise a member with a grudge had backdoored it,nabbed the database,gave it to lulzsec who unsalted the encryption and....well the rest is history.:bomb:
I've seen this many times as well. Worst one I've seen is a hacker with a grudge at another Website on a shared server - i.e. free hosting, and then hacking into the server software at the same time, affecting every one else with Website space on that server. Then going back to its discussion forum bragging about the exploit. There is a certain mind frame that goes with this that is completely disassociated and disconnected with the damage that it has done to others.

About VPN proxies. It's a pity your bad hackers is giving a bad name to the use of proxies. Like good and bad hacking, there are good and bad proxy users. Sometimes the IPs of a country where there is only one IP provider, could be so bad from a security point of view, it pays to get a different IP. For example, in some countries the dynamic IPs are shared with hundreds of other users who could be spammers, hackers, whatever, and also ups the chances for online transactions being intercepted and credit card information stolen. The alternative static IP in that country comes at an unaffordable cost, usually reserved for big business. So from a security and reliability point of view it is almost recommended to get a proxy IP that is more reliable and secure.