Keep up to date with the latest announcements, news, releases and updates.
The BackBox team is proud to announce the release of BackBox Linux 2.01. The new release includes features such as Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The ISO images (32bit & 64bit) can be downloaded from the following location: https://www.backbox.org/download
would like to wish everyone a very happy Xmas and New Year. Next year will be the big year of BackBox. We are expecting no more than what we have already done together in all this time. So, keep going like that.
As many of you already know, our project is quite young, but in just a couple of months we reached unbelievable goals. Currently BackBox has thousands of users all around the world and their number is rising continuously. Several commentators think that the “open” vision has been the key to this achievement. BackBox’s staff wish to remind all of you that anyone who wants to can collaborate, and does not necessarily need to be a professional user. There is a variety of areas in which interested users can offer their knowledge, such as the forum and our website wiki, but also advertising, marketing or even writing new documentation…
There shouldn’t be any issues with releasing the new BackBox version by the end of January 2012. The new version is going to fix some minor bugs of the previous version, and it will have updated packages and some tiny optimizations. Therefore there won’t be any major changes until BackBox 3. As regards future versions, our purpose is to use Ubuntu’s LTS as the base platform, so there will be just one major release and some intermediate releases every 4 months that would only introduce some bug fixes and updated packages. The benefit of this choice should be that users wouldn’t be forced to reinstall the OS on every new release, but could keep it up to date just by using apt-get or the synaptic tool.
While waiting for the new release, every suggestion from our users would be much appreciated.
While awaiting the release of the new version of BackBox, we took the opportunity to renew our web site: a new look, portability, improved navigation and particular attention to a new page for services aimed at the BackBox community, the enterprise services that are required by organizations and/or businesses. The offered services are free of charge.
The BackBox team is proud to announce the release of BackBox Linux 2. BackBox 2 features the following upstream components: Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The images (32bit & 64bit) can be downloaded from the following location: https://www.backbox.org/download
Can a hacker attack his own community? On 1 August the site www.backbox.org was defaced by a group of crackers known under the name of eMP3R0r_TEAM. Their page was online for about 2 hours before the site was restored. The attack succeeded because of a misconfiguration of the shared server of a well-known Italian internet service provider that hosts our pages, which for several days exposed the home directories of thousands of users to attacks by crackers! Fortunately backbox.org was the only site to be defaced, but it cannot be ruled out that other data has been stolen for future attacks on other sites. Our analysis identified more than 5000 vulnerable accounts!
As you know, BackBox is a community that is part of the Free/Open Source Software world, simply developing a Linux distribution, and we would not have expected such an attack. We do not belong to any side that would make us a target. A hacker has valid reasons to attack a specific entity and would do it on moral, ethical and ideological principles. Assuming that a hacker would never attack a community of his own, in our case we are dealing with an unstable group that runs random attacks as soon as it detects any known vulnerability on any web portal.
Of course, even if what happened was truly sad, we were not discouraged and did not lose heart. After bringing our web site back online, we started to investigate to get further information. We analyzed the entire attack process step by step in reverse and were able to gather useful information (including personal details) about the attackers.
The “dreaded” eMP3R0r_TEAM is a group of Iranian activists who carry out attacks randomly on any potentially vulnerable web sites, targeting mostly European sites. During our investigation and analysis we were able to obtain the complete details of the man who personally performed the attack (nick iM4n) and we collected a variety of evidence that confirmed his identity. Just to give you some idea of the character: he loves to dress in brand-name clothes, wears expensive Tissot watches, visits the ski resorts of Uludag (Turkey) and has some very expensive computer equipment (a latest-generation Lenovo laptop, etc.). The character we are dealing with is Amir Hosein, born on 21/10/1983 in Hell (Tehran), Iran. He works full-time in IT security and he seems to be the head of a small team.
Returning to the technical aspects of the attack…
The issue had dramatic implications because of how it was managed by our ISP. As we are talking about shared hosting, in this case the responsibility for what happened belongs completely to the ISP. Despite our repeated emails, the ISP snubbed the entire story, not providing any kind of support and also denying us access to the logs of our site!
The attack began through one of the websites with an insecure Joomla installation that resides on the server where our site is located. The crackers compromised this CMS site and uploaded a webshell with which they were able to read the backbox.org home directory. Strangely, for several days the home directories of all hosts on the shared server could be navigated easily by any user, which also allowed them to read the configuration files. After having read the data relating to the installation of our forum (SMF), and using the same webshell, they changed the MySQL database records for the admin account, thereby obtaining administrative access to the forum. With the highest privileges it was quite easy for them to upload a backdoor into the home of backbox.org, through which they were able to modify the index.php file of our site.
After we had confirmed the information specified above, by demonstrating how the data of all the provider’s users was exposed (and we were doing the entire job for the provider), the provider finally decided to pay attention to us, and only after 5 days (from when we notified them of this issue) were they able to correct these vulnerabilities by correctly setting the privileges for each user on the server.
In one of the statements that they sent to us, they say that after a careful analysis they have confirmed the vulnerability, which occurred after an upgrade to a newer version of PHP. In short, the permissions of the public_html directory of “some accounts” were set up with incorrect values … (?)
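The misconfiguration described above, where one account could walk into a neighbour's home directory and read its configuration files, can be checked for from the hosting side. The following audit is an added example, not part of the original post or the provider's tooling; the /home layout and the file names Settings.php (SMF) and configuration.php (Joomla) are assumptions.

```python
import os
import stat
import sys

# Assumed credential-bearing config files: SMF uses Settings.php,
# Joomla uses configuration.php. Extend for other applications.
CONFIG_NAMES = {"Settings.php", "configuration.php"}


def audit_homes(base):
    """Return (path, problem) pairs for content that 'other' users can reach.

    A neighbouring account reaches a file only if every directory on the way
    grants o+x, so the walk stops at the first directory without it.
    """
    findings = []
    for account in sorted(os.listdir(base)):
        home = os.path.join(base, account)
        if os.path.islink(home) or not os.path.isdir(home):
            continue
        stack = [home]
        while stack:
            directory = stack.pop()
            mode = os.lstat(directory).st_mode
            if not mode & stat.S_IXOTH:
                continue  # not traversable: nothing below is reachable
            if mode & stat.S_IROTH:
                findings.append((directory, "directory listable by other accounts"))
            if mode & stat.S_IWOTH:
                findings.append((directory, "directory writable by other accounts"))
            try:
                entries = list(os.scandir(directory))
            except PermissionError:
                continue  # the auditor itself cannot read it; run as root
            for entry in entries:
                if entry.is_symlink():
                    continue
                if entry.is_dir():
                    stack.append(entry.path)
                elif entry.name in CONFIG_NAMES and entry.stat().st_mode & stat.S_IROTH:
                    findings.append((entry.path, "credentials file readable by other accounts"))
    return findings


if __name__ == "__main__":
    # Base directory is an assumption; shared hosts often use /home.
    for path, problem in audit_homes(sys.argv[1] if len(sys.argv) > 1 else "/home"):
        print(f"{problem}: {path}")
```

Run it as root so every tree can be scanned. Mode bits do not cover a web server that runs every site's scripts under one shared user, which needs per-account execution to separate tenants.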
The whole event is incredible… The “few accounts”, as they say, are actually more than 5000 sites hosted on their servers. So far the provider has not released any official statement regarding this! An “oversight” of this magnitude should be made known as soon as possible in order to give users the ability to back up their data and change the passwords of their sites.
Right now, the user home directories no longer seem to be accessible/readable from neighboring accounts. That’s why we have decided to release this news after the issue has been fixed. We would like to urge our provider to remain vigilant; it is possible that the crackers are in possession of other information that could compromise the security of the entire server again.
Regarding eMP3R0r_TEAM, it must be said that they were kind after all, not causing big harm. By the way, an attack like this is certainly not honorable.
That is only the first part of our investigation…