Keep up to date with the latest announcements, news, releases and updates.
While awaiting the release of the new version of BackBox, we took the opportunity to renew our web site: a new look, portability, improved navigation, and particular attention to a new services page covering the enterprise services required by organizations and/or businesses and aimed at the BackBox community. The services offered are free of charge.
The BackBox team is proud to announce the release of BackBox Linux 2. BackBox 2 features the following upstream components: Ubuntu 11.04, Linux Kernel 2.6.38 and Xfce 4.8.0. The images (32bit & 64bit) can be downloaded from the following location: https://www.backbox.org/download
Can a hacker attack his own community? On 1 August the site www.backbox.org was defaced by a group of crackers known as eMP3R0r_TEAM. Their page was online for about 2 hours before the site was restored. The attack succeeded because of a misconfiguration on the shared server of a well-known Italian internet service provider that hosts our pages, which for several days exposed the home directories of thousands of users to attacks by crackers! Fortunately backbox.org was the only site to be defaced, but it cannot be ruled out that other data was stolen for future attacks on other sites. Our analysis identified more than 5000 vulnerable accounts!
As you know, BackBox is a community that is part of the Free/Open Source Software world, simply developing a Linux distribution, and we would not have expected such an attack. We do not adhere to any side that would define us as a target. A hacker has valid reasons to attack a specific entity and would do it on moral, ethical and ideological principles. Assuming that a hacker would never attack his own community, in our case we are dealing with an unstable group that runs random attacks as soon as it detects any known vulnerability on any web portal.
Of course, even though what happened was truly sad, we were not discouraged and did not lose heart. After bringing our web site back online we started to investigate to get further information. We analyzed the entire attack process step by step, working backwards, and we were able to gather useful information (including personal details) about the attackers.
The “dreaded” eMP3R0r_TEAM is a group of Iranian activists who carry out attacks at random on any potentially vulnerable web site, targeting mostly European sites. During our investigation and analysis we were able to obtain the complete details of the man who personally performed the attack (nick iM4n), and we collected a variety of evidence that confirmed his identity. Just to give you some idea of the character: he loves to dress in brand-name clothes, wears expensive Tissot watches, frequents the ski resorts of Uludag (Turkey) and has some very expensive computer equipment (Lenovo laptop, etc.). The character we are dealing with is Amir Hosein, born on 21/10/1983 in Hell (Tehran), Iran. He works full-time in IT security and seems to be the head of a small team.
Returning to the technical aspects of the attack…
The issue had dramatic implications because of how it was managed by our ISP. As we are talking about shared hosting, the responsibility for what happened belongs entirely to the ISP. Despite our repeated emails, the ISP snubbed the entire story, providing no support of any kind and even denying us access to the logs for our site!
The attack began through one of the websites, running an insecure Joomla installation, that resides on the server where our site is located. The crackers compromised this CMS site and uploaded a webshell with which they were able to read the backbox.org home directory. Strangely, for several days the home directories of all hosts on the shared server could easily be navigated by any user, which also allowed them to read the configuration files. After having read the data relating to the installation of our forum (SMF), they used the same webshell to change the MySQL database records for the admin account, thereby gaining administrative access to the forum. With the highest privileges it was quite easy for them to upload a backdoor into the home of backbox.org, through which they were able to modify the index.php file of our site.
After we had confirmed the information above and demonstrated how the data of all the provider's users was exposed (doing the provider's entire job for it), the provider finally decided to pay attention to us, and only 5 days after we had notified them of the issue were they able to correct the vulnerability by setting the privileges correctly for each user on the server.
In one of the statements they sent us, they say that after a careful analysis they confirmed the vulnerability, which occurred after an upgrade to a newer version of PHP. In short, the permissions of the public_html directory of “some accounts” were set to incorrect values … (?)
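The exposure described above, where neighboring accounts could browse home directories and read CMS configuration files, is visible in the file modes alone. The following audit is an added example, not code from BackBox or the provider; the function names, the constructed sample accounts and the config file names (SMF's Settings.php, Joomla's configuration.php) are assumptions, and it checks only the "other" permission class.

```python
import os
import stat
import tempfile

# Assumption: file names where the CMSs named in the post keep DB credentials
# (SMF: Settings.php, Joomla: configuration.php).
CONFIG_NAMES = {"Settings.php", "configuration.php"}

def audit_shared_homes(base):
    """Return (account, issue, relative path) for what other local users can reach."""
    findings = []
    for account in sorted(os.listdir(base)):
        home = os.path.join(base, account)
        if os.path.islink(home) or not os.path.isdir(home):
            continue
        for root, dirs, files in os.walk(home):
            dirs.sort()
            rel = os.path.relpath(root, base)
            mode = os.lstat(root).st_mode
            if mode & stat.S_IROTH:
                findings.append((account, "dir-listable", rel))
            if not mode & stat.S_IXOTH:
                dirs[:] = []  # no search bit for "other": nothing below is reachable
                continue
            for name in sorted(files):
                fmode = os.lstat(os.path.join(root, name)).st_mode
                if name in CONFIG_NAMES and stat.S_ISREG(fmode) and fmode & stat.S_IROTH:
                    findings.append((account, "config-readable", os.path.join(rel, name)))
    return findings

def build_constructed_tree(base):
    """Constructed sample accounts: (home mode, public_html mode, Settings.php mode)."""
    accounts = {"exposed": (0o755, 0o755, 0o644),
                "guessable": (0o711, 0o711, 0o644),
                "locked": (0o711, 0o750, 0o644)}
    for name, (home_mode, web_mode, cfg_mode) in accounts.items():
        web = os.path.join(base, name, "public_html")
        os.makedirs(web)
        cfg = os.path.join(web, "Settings.php")
        with open(cfg, "w") as fh:
            fh.write("<?php // constructed placeholder, no real credentials\n")
        for path, mode in ((cfg, cfg_mode), (web, web_mode), (os.path.dirname(web), home_mode)):
            os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        print(*audit_shared_homes(tmp), sep="\n")
```

The "guessable" account shows that removing directory listing is not enough while the configuration file itself stays readable by others; the "locked" account is clean because its public_html cannot be traversed by other users.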
The whole affair is incredible… the “few accounts”, as they say, are actually more than 5000 sites hosted on their servers. So far the provider has not released any official statement regarding it! An “oversight” of this magnitude should be made known as soon as possible, to give users the chance to back up their data and change the passwords of their sites.
At the moment, user home directories no longer seem to be accessible/readable from neighboring accounts. That is why we decided to release this news after the issue had been fixed. We would like to urge our provider to remain vigilant: it is possible that the crackers are in possession of other information that could compromise the security of the entire server again.
Regarding eMP3R0r_TEAM, it must be said that they were kind after all, not causing great harm. Still, an attack like this certainly does them no honor.
That is only the first part of our investigation…
The BackBox Linux 2 Artwork Contest has started! Your mission is to create a wallpaper for BackBox Linux 2. It must be at least 1920px wide, in 16:9 and 4:3 aspect ratio, and in .jpg or .png format. The theme is free, but we prefer futuristic environments inspired by science-fiction movies like “Tron Legacy”, with an innovative design and electric colors (blue, black and gray are preferred). Using the BackBox logo is allowed; you can download it from the artworks page of this site.
Submissions not fitting these criteria will be subject to rejection. By submitting, you grant BackBox the right to reproduce your artwork with reasonable attribution in any way we see fit without compensation. We reserve the right not to choose a winner.
Any technique or medium may be used, as long as the final submission is in specified digital format. If you use stock photos, art, etc., make sure it is either public domain or that you own the rights to it.
All submissions must be received by July, 2011
Submit entries to:
info [at] backbox .org
Submission info to include:
Real name or desired nick/handle if any and a title and description of your piece.
All entries must be within the size parameters listed above. Final entries should be in 300dpi .png or .jpg format. The works can be in .ai or .psd format. Delivery is the responsibility of the entrant; if the entry is too large to email, you may post it online for download.
The BackBox team is proud to announce the release of BackBox Linux 1.05. BackBox Linux 1.05 features the following upstream components: Ubuntu 10.04, Linux 2.6.32 and Xfce 4.6.1
The team is proud to announce the release of backbox-fluxbox package. This release aims to be lean and fast on your desktop. FluxBox should be able to run on older hardware allowing people with weak to mediocre machines to enjoy the awesomeness of BackBox Linux. During the development of this package, our goal was to achieve a very delicate balance between a minimalistic and an easy to use setup which we hope we have done. Now the menu is self-generated, no manual editing… Therefore you can install any tool simply with synaptic or apt-get and the menu will auto rebuild itself. It’s that simple!