+Darsantre Posted October 23, 2005 Share Posted October 23, 2005 (edited) Please, GAWD, tell me that I'm hallucinating! I just went to look up the guidelines for setting up an earth cache and when I went to the site, it said it was hacked by Turkish cyber-pirates and this horrible Turkish rap started playing. Does anyone else have this problem when they go to the site? And WHY hack into Earthcache.org when there are so many other, more important sites to mess with?!??? Darsantre Edited October 23, 2005 by Darsantre Quote Link to comment
+aka Monkey Posted October 23, 2005 Share Posted October 23, 2005 Comments about the intelligence of other cultures aside, yes, the site's been hacked. They probably did it because it was easy. Hopefully the webmaster has all the data backed up. Quote Link to comment
H to the Bizzle! Posted October 23, 2005 Share Posted October 23, 2005 Yep, it is indeed hacked. Quote Link to comment
+treasure_hunter Posted October 23, 2005 Share Posted October 23, 2005 Bad that the site has been hacked, but I like the beat of the music! Ok, all jokes aside. WHY in the world would they pick Earthcache.org? Thats crazy. I wonder when the boys @ Earthcache will get it back under control? Quote Link to comment
+Glenn Posted October 23, 2005 Share Posted October 23, 2005 If they were try for exposure they really really missed the mark. Unless I'm wrong (which quite often I am) the only people who visit the earthcache site is a small group of geocachers. Maybe a couple hundered people saw this? It definitely isn't going to make any new papers. I wonder if there is geocaching like site for hackers. If so these hackers seem to be in it just for the numbers. Anyhoo had to do a ye olde cut and paste because they didn't provide a hot link to their websites. Not that there is anything to see there. It seems that their websites are down. Quoted below is the registrar info for their websites. I wouldn't trust any of the information. Except maybe the phone number to the Istanbul Hosting Solutions, Direct dial from the US 01190(216)349-2820. I would call because it isn't like they could do anything about the hackers. The hackers website are already down and the only thing the hosting service could do is suspend their hosting accounts. I did find this webpage, www.siberkorsanlar.gen.tr.tc/, it looks like their message boards. If you do know turkish, I'd read but not post. Siber-Korsanlar.Com Registration Service Provided By: ISTANBUL HOSTING SOLUTIONS Contact: +90.2163492820 Domain Name: siber-korsanlar.com Expiry Date: 16-Jan-2006 Days Left for Expiry: 84 Record Creation Date: 16-Jan-2005 Domain Status: Active Domain servers in listed order: ns1.ihsdnsx2.com ns2.ihsdnsx2.com RegistrantContact Details Name General redX Company Cyber-Strom Email Address gurcans@anadolu.edu.tr Address General redX City Eskisehir State null Zip 80040 Country TR Tel No. +90.2222222222 Cyber-Storm.Org Domain ID:D106480997-LROR Domain Name:CYBER-STORM.ORG Created On:31-May-2005 12:28:11 UTC Last Updated On:13-Oct-2005 10:08:26 UTC Expiration Date:31-May-2006 12:28:11 UTC Sponsoring Registrar:Direct Information PVT Ltd. (R27-LROR) Status:OK Registrant ID:DI_1503543 Registrant Name:General redX Registrant Organization:Cyber-Strom Registrant Street1:General redX Registrant Street2: Registrant Street3: Registrant City:Eskisehir Registrant State/Province: Registrant Postal Code:80040 Registrant Country:TR Registrant Phone:+90.2222222222 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email:gurcans@anadolu.edu.tr Quote Link to comment
+CYBret Posted October 23, 2005 Share Posted October 23, 2005 WHY in the world would they pick Earthcache.org? That's nobody's business but the Turks. Quote Link to comment
+nfa Posted October 23, 2005 Share Posted October 23, 2005 is it the same group that hacked Todays Cacher? Quote Link to comment
+Lil Devil Posted October 23, 2005 Share Posted October 23, 2005 is it the same group that hacked Todays Cacher? No, the Turks seem more intelligent Quote Link to comment
+Jaz666 Posted October 23, 2005 Share Posted October 23, 2005 Some groups will hack any site, regardless of its profile. My little-visited site has been hacked on more than one occasion. Quote Link to comment
+splicingdan Posted October 24, 2005 Share Posted October 24, 2005 WHY in the world would they pick Earthcache.org? That's nobody's business but the Turks. I hope that they know to look for the culprits in Istanbul (Not Constantinople). Quote Link to comment
+El Diablo Posted October 24, 2005 Share Posted October 24, 2005 is it the same group that hacked Todays Cacher? Yep...the same group. El Diablo Quote Link to comment
+Anonymous' Posted October 24, 2005 Share Posted October 24, 2005 is it the same group that hacked Todays Cacher? Yep...the same group. El Diablo Turkish cachers with lots of angst? Quote Link to comment
ju66l3r Posted October 24, 2005 Share Posted October 24, 2005 The method for hacking pages in this manner has nothing to do with the site itself and everything to do with the programs running the site (and their unpatched security holes). An automatic program (usually on a 3rd person's computer after downloading a virus) scans website after website by trying a very specific set of commands that can be sent in the address bar as if it were trying to ask the website for a certain page. Those commands fake the program running the website to open up access to the hacking program and if it gets a "hit" (like a bite on the hook when fishing), it goes into "replace the pages" mode and overwrites the original website through the now open hole that it's found and then helped to create. None of this process from scanning, to breaking in to a weak system, to replacing the website with their own message/garbage, required the "hacker" to have anything to do with it at all (other than to setup the initial program and toss it out on the web and P2P programs hoping someone would download and run it (and thereby make them the "3rd person" mentioned above). In fact, the hacker could even be in jail, dead, or gone straight, but their code will live on as long as naive people run programs they shouldn't trust. Finally, may I also suggest that when you come upon an obviously hacked site, you should NOT attempt to click any links or open new windows to any web addresses they put up (no matter how angry you are that they took down your favorite site and you'll show them by posting on the forums link they left!). Do NOT follow their links. Your browser may unknowingly download and run the very software that caused this kind of problem in the first place. The link could be bait for the irate ignorant masses. The best thing you can do is to e-mail the administrator of the site (again, not by link on the hacked site..but by an address you otherwise know about). They will need to wipe clean their website program files and then reinstall a fresh newly-patched copy and hopefully learn from this lesson to keep their software patched and extra ports turned off. Quote Link to comment
+briansnat Posted October 24, 2005 Share Posted October 24, 2005 WHY in the world would they pick Earthcache.org? That's nobody's business but the Turks. I hope that they know to look for the culprits in Istanbul (Not Constantinople). Istanbul was Constantinople Now it's Istanbul, not Constantinople Been a long time gone, Constantinople Now it's Turkish delight on a moonlit night Quote Link to comment
Trinity's Crew Posted October 24, 2005 Share Posted October 24, 2005 In fact, the hacker could even be in jail, dead, or gone straight, but their code will live on as long as naive people run programs they shouldn't trust. Or they could be targeting sites associated with geocaching intentionally. Quote Link to comment
+Darsantre Posted October 24, 2005 Author Share Posted October 24, 2005 Or they could be targeting sites associated with geocaching intentionally. I highly doubt that. I live in Turkey and there are about 8 Turks who geocache in the whole of the country. So very few Turks have actually heard of geocaching. I would never say there are Turkish geocachers. I would say there are a handful of Turks who have geocached. Of those 8, the most caches any of them has found is 9. Some Turks have even left a cache without ever finding one! I don't know how, but a few have. The Turks find 3 or 4 caches and then you never hear from them again. And good luck trying to find a GPS receiver for sale in this country. Usually it's the geocaching tourists who find the caches and are more likely to place one in Turkey. Granted, there are only about 43 active caches in the whole country. I am working on getting more caches placed, but without a car, it's a bit difficult though. Quote Link to comment
ju66l3r Posted October 24, 2005 Share Posted October 24, 2005 In fact, the hacker could even be in jail, dead, or gone straight, but their code will live on as long as naive people run programs they shouldn't trust. Or they could be targeting sites associated with geocaching intentionally. Yes, just because you're paranoid doesn't mean they aren't out to get you. Of course, there are quite a few more caching sites than just earthcaching.org and todayscacher.com (most haven't been hacked). There are also quite a few non-caching sites that have been hacked in this exact same fashion. It's in our nature to add a "trend" where one doesn't exist though and so when a few high profile situations arise, it can get falsely interpreted as a "targetted attack" or "intentional". Because we don't see the true representation of all of the websites out there to know which ones have been scanned and which ones were hacked but cleaned up before being seen and so on...we sometimes figure there must be something sinister behind them hitting only those that we have seen. Trust me though, these hacking programs just find *any* computer they can put their HTML all over. There are even webboards and pages where these guys keep track of their "hits" and try to see if they can out-do another tagging crew like it were some sort of virtual graffitti game. I wouldn't be surprised if the only "Turkey" these hackers have even *seen* says "Butterball" on the side. To download, insert your HTML, then spread these trojan horse-hack programs doesn't take more than a few hours of your time and then you're infamous on the web (in your own mind). Those programs put your code anywhere they can, not targetted sites about GPS hobbyists... Quote Link to comment
+briansnat Posted October 24, 2005 Share Posted October 24, 2005 Trust me though, these hacking programs just find *any* computer they can put their HTML all over. There are even webboards and pages where these guys keep track of their "hits" and try to see if they can out-do another tagging crew like it were some sort of virtual graffitti game. You seem to know a lot about this. Is your name Ahmet by any chance? Quote Link to comment
+Bandit & Magna Posted October 24, 2005 Share Posted October 24, 2005 A freinds website got hacked by them and his site had nothing to do with geocaching. Maybe it was a competition or something to see who could raid the most pages. Quote Link to comment
vagabond Posted October 24, 2005 Share Posted October 24, 2005 One of the metal detecting sites I belong to was hacked by that group about 2 months ago, they were down about 4 or 5 days Quote Link to comment
+Glenn Posted October 25, 2005 Share Posted October 25, 2005 The method for hacking pages in this manner has nothing to do with the site itself and everything to do with the programs running the site (and their unpatched security holes). An automatic program (usually on a 3rd person's computer after downloading a virus) scans website after website by trying a very specific set of commands that can be sent in the address bar as if it were trying to ask the website for a certain page. Those commands fake the program running the website to open up access to the hacking program and if it gets a "hit" (like a bite on the hook when fishing), it goes into "replace the pages" mode and overwrites the original website through the now open hole that it's found and then helped to create. None of this process from scanning, to breaking in to a weak system, to replacing the website with their own message/garbage, required the "hacker" to have anything to do with it at all (other than to setup the initial program and toss it out on the web and P2P programs hoping someone would download and run it (and thereby make them the "3rd person" mentioned above). In fact, the hacker could even be in jail, dead, or gone straight, but their code will live on as long as naive people run programs they shouldn't trust. I guess that might be interesting the first few times. Pretty pointless after that. Finally, may I also suggest that when you come upon an obviously hacked site, you should NOT attempt to click any links or open new windows to any web addresses they put up (no matter how angry you are that they took down your favorite site and you'll show them by posting on the forums link they left!). Do NOT follow their links. Your browser may unknowingly download and run the very software that caused this kind of problem in the first place. The link could be bait for the irate ignorant masses. Thats one good thing about using a less popular browser and OS. There is less out there that is out to get you. As long as the masses stick with Mircro$oft products I'm happy. If I ever did get infected with a virus, unlike MS OSes, it would only be able to infect my user account and not the whole computer. That doesn't mean I don't run any antivirus software tho. Although it's only ever detected three viruses, although all three were MS OS viruses. The best thing you can do is to e-mail the administrator of the site (again, not by link on the hacked site..but by an address you otherwise know about). They will need to wipe clean their website program files and then reinstall a fresh newly-patched copy and hopefully learn from this lesson to keep their software patched and extra ports turned off. In case anyone doesn't know. The best way to get an admin email address for a web site is to do a whois search on the domain name. You can do them at http://www.internic.net/whois.html. Quote Link to comment
+Cache us Clay Posted October 26, 2005 Share Posted October 26, 2005 [Istanbul was ConstantinopleNow it's Istanbul, not Constantinople Been a long time gone, Constantinople Now it's Turkish delight on a moonlit night Oh boy, it'll take me a while to get that song out of my head now. Quote Link to comment
+chstress53 Posted October 26, 2005 Share Posted October 26, 2005 I just visited the site and it is up and functioning . I never did see any message from turks or hear music. Quote Link to comment
+sept1c_tank Posted October 26, 2005 Share Posted October 26, 2005 Looks OK to me, too. Quote Link to comment
+IV_Warrior Posted October 26, 2005 Share Posted October 26, 2005 Yep, looks like they got it back up and running today. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.