Eric, author of the Christifideles blog, noticed on Monday that the website of the Melkite Diocese of Newton had been defaced. Not with insults or anything bad, just a graffiti-like page announcing that "SpyKids from Brasil" had been there.
It was probably just some script-kiddie tagging whatever site his computer could penetrate. After the diocese's webmaster restored everything, he mentioned to Eric that his ISP's system had been hacked a few times already, and dozens of web sites on the machine got the same treatment.
So what made that machine vulnerable?
Contrast these two sites and see if you notice anything:
| requesting www.melkite.org... | requesting www.vatican.va... |
| Server response:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0 MicrosoftOfficeWebServer: 5.0_Pub Connection: keep-alive Content-Location: http://www.melkite.org/index.htm Date: Wed, 07 Dec 2005 05:17:01 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Mon, 05 Dec 2005 18:23:19 GMT ETag: "dc5ecaf7c8f9c51:d2a" Content-Length: 46189 |
Server response:
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2005 05:14:03 GMT Server: Apache/1.3.31 (Unix) Last-Modified: Mon, 09 May 2005 11:14:21 GMT ETag: "1cd-143b-427f460d" Accept-Ranges: bytes Content-Length: 5179 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html |
Well, that explains that.
Now, as far as I know, nobody's hacked vatican.va yet, in spite of this.
