If you haven’t heard yet, which is unlikely as it has 1700 Digg votes, there’s a hacker named Malcor going around to Mac fanboy sites and hacking them – so far Glenn Wosley and Macapper – with front pages that claimed them as rotting parts of the Apple fan site realm with examples placed on his blog.
So far, this all seems to be a bit fishy. I highly doubt that this is all the work of someone who isn’t hoping to work up some promotion, especially with Macapper. I converse from time to time with one of the editors of Macapper, but I told him that I don’t fully believe his statement. The manner in which this is all happening just seems odd. If it was truly a hacker, his blog would’ve been taken down because of violation of TOS. His IP could easily be tracked because of the “hacking” he’s doing and he would’ve already been caught. The fact that no one seems to be up in arms and actively investigating this, especially those who were “hacked” so far, and providing updates about it.
November 20, 2007 at 10:03 pm
I hate to break it to you but I think you’re wrong. None of this is staged.
IPs are hard to track. You’ve gotta know what you’re looking for. This guy’s new but he’s not stupid. In all likelihood, he’s using a proxy to get at wp-admin.php. Even if someone found the IP of the proxy he’s using, there are thousands of proxies out there that he can use. Blocking them all is impossible.
As for investigating it, that’s rather difficult. I know that my webhost control panel isn’t that great at tracking IPs and I bet the ones used on GW and MA aren’t either (mine only records the last 300 visitors). Seeing as how the vulnerabilities were found in WordPress and not with the site itself, I doubt any host or ISP would launch such an investigation. There’s no place to start.
Of course, I’m not an expert or anything, so take all of this with a grain of salt.
November 27, 2007 at 9:26 pm
As someone who runs numerous high-profile sites, really everyone either runs through another compromised server, or somewhere out of the Netherlands (go figure). I’ve tried getting some of the other compromised machines shut down and I never hear back from the abuse departments of those netblocks. Any more I don’t even bother.