U E D R , A S I H C RSS

Zero Page Server/About Cracking

Server Cracking € จ ธฐก. กœ ฌด‹ํ•œ „œ„ €ฆฌž NeoCoin — ˜ํ•œ „‹ค˜ ณ  ;;
----

1. 2002 …„ ค‘ฐ˜  œธฐœ ฌดํ•œ ํŠธž˜ํ”ฝ Cracknig € จ ณดณ 

(ํ•ด‹ ธฐก„  •ํ™•ํ•˜ฒŒ ‚จธฐ€ •Š•„, ‹œ„ˆœ ธฐ–ต Œ€กœ ธฐˆ )
  1. ZeroPageServer/set2002_815 กœ„œ debian „—ด˜ ํ™˜ฒฝ„กœ ZeroPageServer „ธํŒ…
  2. ฌธ œ  œธฐ : ํ•œ‹ฌํ›„—  „‚ฐ„„ฐ->šฉฒ  กœ ณด•ˆ ถŒณ  ip block
  3.  „‚ฐ„„ฐพ•„€ ํ™•ธ ipblock ํ’€ณ ,  €
    • ฆƒ : ZeroPageServer —„œ ฌดํ•œ ฐดํ„€ random ip กœ  „†ก. ฐ‹œ ™•ˆ ˆ˜ฒœ packet ดƒ ํ†ต„ ํ™•ธ
      • ํ‰†Œ 16~30% ˜  „‚ฐ„„ฒŒดํŠธ ›จด ž› 99% Œ€ ˜ฌฆฌŠ” ณตํ—Œ. ํ•™ต—„œ ™ธ€ œกœ€Š” „คํŠธ› งˆ„
    •  € : ดƒ „ • ฐพธฐ, „คํŠธ› ํ™•ธ, security update

  4. ‹คŒ‚  NeoCoin ˜ „ •—„œ (root งณ ) ฌดํ•œ ํŠธž˜ํ”ฝ ฐœƒ ํ”„กœทธžจ ฐœฒฌ
  5. „„ : „ธํŒ…  •—„œ „˜ œ„ํ•œ wu-ftp ํŒจํ‚ค€ „œ„Šค ํ•œ‹ฌ„  œณตํ•˜˜€Š”ฐ, „˜ ฌธ œกœ €žฅ ž ‚ฌšฉํ•  NeoCoin ด  ค “ ฒƒ ฐ™Œ
  6. ํ•ดฒฐ : ํ•ด‹ ํ”„กœทธžจ ฐˆฌดฆฌ, NeoCoin ˜ •”ํ˜ธ €ฒฝ, wu-ftp „œ„Šค  œฐ. ทธ ดํ›„ ฌธ œ ƒํ™ฉ ‚ฌง
  7. ฐฐšด , •ŒฒŒœ 
    • ต‚ด˜ ฆฌˆ…Šค, †”ฆฌŠค „œ„ƒ— ํฌž˜ํ‚ด „„žฌ ํ•˜‹คŠ” 
    •  „‚ฐ„„„“คด œ ˆํ•˜‹คŠ”  , ถˆํ–‰ํžˆ ณด•ˆชฝ— €‹ด €ํ•˜—ฌ ‚ฌ‹คงŒ„ •Œ ค‹คˆ˜ žˆ‹คŠ”  
    • cracking ํ•œ ‚ฌžŒด, „œ„ƒ˜ NeoCoin ˜ data €šดฒƒด •„‹ˆ„œ, ‹คํ–‰ ํ•˜€งŒ —ญ‹œ ถˆ•ˆ.
    • web analizer „˜ํ•œ „ธฐ€ ˜—ˆ‹ค. ( http://zeropage.org/log ) žฌžˆŒ

2. 2002 …„ ง€„ฐ 2003 …„ ดˆ  œธฐœ ŠคํŒธ ฉ” ฐœ†ก Cracking € จ ณดณ 

2.1. 1ฐจ  œธฐ, Œ€‘

  • 2002-12-22 ž„ตฌ(ตฌ 98) žœ ฒŒ‹œํŒ Spam ฉ” rely ณดณ .
    • 2002-12-17 ถŒณ ฉ”
    • Œ€‘: mail € จ „œ„Šค port ง‰ณ , smtp „œ„ —†Š” ฒƒ ํ™•ธ
  • 2003-12 ง :  „‚ฐ„„ธก—„œ ip block
  • 2003-01-06 :  „‚ฐ„„— ฌธ˜ํ•˜—ฌ ip ํ’€ณ , „œ„  €,  •ํ™•ํ•œ ฌธ œŠ” ฐพ€ ชปํ•จ.
    • Œ€‘ : „œ„ rebooting ํ›„—Š” ฌธ œ€ ํŠ„ํžˆ ฐœƒ˜€ •ŠŒ

2.2. 2ฐจ  œธฐ Œ€‘

  • 2003-02-10 : KISA ->  „‚ฐ„„ฐ -> šฉฒ  ->  •ํฌก(nautes) ฒฝกœกœ, ฌธ œ  œธฐ Server shutdown
  • 2003-02-13~15 : ฌธ œ „„, ํ† ก 
    • ZeroPageServer on
    • mail € จ app „œ„Šค € จ ง‰ธฐ ( ธฐํƒ€ app ˜ mail port )
    • 2003-02-08, 09 ฆˆŒ— squid ดšฉํ•œ proxy „œ„Šค  œณตํ–ˆ‹คŠ” ฒƒ„ ธฐ–ต. spam ƒ˜ํ”Œ ช‡ํ†ตค‘ ํ•ด‹ค suqid ‚ฌšฉ „ • id€ žˆ—ˆ‹คŠ”   ธฐ–ต -> squid ™ž‘ ดํ›„ spam‹ ณ   ‘ˆ˜ œ ฒƒœกœ € •
      • ํ•ด‹ ํ”„กœทธžจ ํ…ŒŠคํŠธ. ฌธ œ ƒํ™ฉ„กœ ณดดŠ” ƒํƒœ ฐœฒฌ
      • ฆƒ : ฐœธ ฐœ •— ธฐณธ „ •˜ „˜œ squid 2.4 stable tar ˜ proxy „œ„Šค ตœดˆกœ ‚ฌšฉํ•œ ํ›„ –งˆ €‚˜€ •Š•„, •Œˆ˜ —†Š” ฉ” „œ„กœ(port 25) ฐดํ„€ ‚ •„€Š” mail rely ฆƒ ณดž„
        • squid ˜ ธฐณธ port ฐ”พธฉด ดŸฌํ•œ ฆƒ —†–ด กŒŒ
      • 1002€ squid € จ ฌธ œกœ ฌธ„œ ฐœฒฌ. ทธ ™•ˆ Server˜ „ต  žฆ€ rebooting •Œฌธ— ฌธ œ€ “œŸฌ‚˜€ •Š•˜Œ.
  • 2003-02-15~ : squid กœ ฒฐก , ฌธ„œ  •ฆฌ ดํ›„ ฐ‹œ

  • ฐฐšด 
    • ŠคํŠธ ˆŠค ฐ›€ งž
    • netstat งŒœกœ„ “ธชจ žˆฒŒ ฐพ„ ˆ˜ žˆŒ
    • ƒˆกœšด ํ”„กœทธžจ „˜ ํ›„ Š” ‹œ „ ˜‹ฌํ•ด ณดž. €žฅ ธฐณธ ธ „ธํŒ…— stable ตœ‹  „ „ ˜คํ”ˆ †ŒŠค„ งด‹ค.
    • ฐœธ ฐจ›—„œ˜ €ฆฌž€ ชจฅดŠ” €† ธ „œ„Šค˜ œ„ํ—˜„. งŒ•ฝ, squid ชฐž‹คฉด, ด ฌธ œŠ” ‹ค‹œ ํ•œ‘‹ฌ ฐ”„ ฒƒ ฐ™‹ค.
    • „›€ ‹  ™ํฌ”จ „ฒœ(1002), ‹ ฒฝจ‹  šฉฒ ด ํ˜•ป˜ ฐ‚ฌ “œฆฝ‹ˆ‹ค. --NeoCoin

  • 3. Thread

    4. 2003. 2. 13 ํ…ŒŠคํŠธ ดํ›„

    • ฌธ œ : „œ„ €™ํ•˜ณ  ‚˜„œ –งˆ ํ›„— spam ฉ”ด €† œกœ ฐœ†กœ‹ค.
      • ˜‹ฌ ˜Š” €„:
        • ชจ ํšŒ› „ •˜ squid “คˆ˜ žˆ‹ค. netstat กœ ƒํƒœ ‚ดํ”ฉด, ธฐณธ squid „ธํŒ…œกœ proxy ดšฉํ•˜ฉด, ƒŒ€˜ smtp portธ 25 ฒˆœกœ „† ญ€ ฐœ†ก˜—ˆ‹ค. ธฐณธ „ธํŒ… €ฒฝํ›„— ทธ ฐœ†ก˜Š” ƒํƒœ€ —†—ˆ‹ค. ํ•˜€งŒ, squid กœ ด ‡ฒŒ œ‹คŠ” ฒƒด ณดณ œ ‚ฌ€ ฐพ€ ชปํ–ˆณ , stable „ „ žฒด— ทธŸฐ ธฐŠฅด ˆจ–ด žˆ‹คŠ” ฒƒ€ ƒฐํ•˜ธฐ –ด ต‹ค.
          ณดํ†ต squid ํ†ตํ•œ ŠคํŒธฆด ˆดŠ” Šคํ€“œ 8080 ํฌํŠธ ํ†ตํ•ด„œ •„ดํ”งŒ ฐ”€Œณ  ณด‚ดŠ”‹คฅธ „œ„—„œ ณด‚ดŠ”ฐ, ง ‘ 25ฒˆด ‚˜„‹คŠ”ฐธ ดƒํ•˜ตฌš”.(žˆ„ˆ˜ —†Š”ด ƒฐํ•˜‹œฉด š”. Šคํ€“œ €ํ˜• „ „—„œ ทธŸฐ ธฐŠฅ„ ถ”€ํ•˜ธฐŠ” ํ•˜Š”ฐ ^^; ) squid€ smtpž‘ „ ƒ€ด —†Š”ฐ, ํŠํžˆ ฐ„•ˆ šฐ””(?) „ „ squidํŒจํ‚ค€€ 8080 ํ†ตํ•œ „ •—†Š” ™ธ€ ฆด ˆดํ•˜ณ  (›„ํ†ตํ•œ)ฉ”ฆด ˆด€ ธฐณธ œกœ •ˆ˜“ š”. †ŒŠคกœ „˜ํ–ˆ‹คฉด ชจฅดฒ „š” ^^;--™ํฌ
          •  œ€ œ„˜ ง„  •ํ™•ํ•˜€ •ŠฒŒ Šต‹ˆ‹ค. ทธฆฌณ , ™ํฌ”จ˜ ง”€Œ€กœ, †ŒŠคกœ „˜ํ–ˆ‹คฉด ชจฅดฒ „š”. — ํ•ด‹ ํ•ฉ‹ˆ‹ค. ƒŒ€˜ smtp port 25œกœ ฐดํ„€  „†ก˜ณ  žˆ‹คŠ” ฒƒด—ˆŠต‹ˆ‹ค. ทธŸ –ด””„ € ด „œ„˜ squid ธฐณธ „ธํŒ… ํฌํŠธกœ, relay „†ํ•˜ณ  žˆ‹คŠ” ˜„ ˜Š”ฒƒ ฐ™ตฐš”. ํ˜€, 8080ด‚˜, 80„ ‚ฌšฉํ•œ‹คŠ” ฒƒธฐ ฐฐ, resin apache€ ‚ฌšฉํ•˜ณ  žˆ–ด„œ ž˜ ชจฅดฒ Šต‹ˆ‹ค.  œ€ ดŸฐ „•˜ €‹ด €ํ•ด„œš”. --NeoCoin
            •„ squid€ 3128ด ธฐณธ ํฌํŠธธฒƒ ฐ™„š” ^^; ํ–‡ฐˆฆฌ—ˆ–ดš”. (8080„ “ฐธด ํ•˜€งŒ,) ƒŒ€ฐฉ˜ port 25ฒˆœกœ „‹คฉด, •„งˆ squid„ •œกœ ง‰„ ˆ˜ žˆ–ดš”. ˜ ง˜ด •ˆ†“ด‹œฉด ipfilter ํ”„กœทธžจœกœ ง‰œฉด ํ™•‹คํ•˜ฃ .--™ํฌ
            ทธ ‡‹คฉด, ด ฌธ œ€ ›ธด ํ™•‹คํ•œฒƒ ฐ™ตฐš”. ํ…ŒŠคํŠธƒ port ฐ”พธž,  •ƒ œกœ ™ž‘ํ•˜Š” state ณด—ฌ—ˆ“ š”. --NeoCoin

      • งŒ ํ˜„žฌ˜ squid € Crackingƒํƒœฉด, squid ˜ …‹ํŒ…„ ˆ˜ •ํ•˜”„ —ฌ „ํžˆ ˜‘ฐ™ด ฌธ œ€ ฐœƒํ•ด•  •ƒ ฒƒด‹ค. ทธŸฐฐ …‹ํŒ… €ฒฝํ›„ ทธ ฐœ†ก˜Š” ƒํƒœ€ ‚ฌ„‹คŠ”  ด ”š” ƒํ™ฉ„ ํ˜ž€ŠคŸฝฒŒ ํ•œ‹ค. žฌžˆŠ”  €, ทธŸ—„ €žฅ ช…ํ™•ํ•˜ฒŒ ธฐณธ ํฌํŠธ˜ ƒํ™ฉ—„œ, ‹คฅธ ฉ” „œ„กœ ฉ”„ €Š” ฒƒด ณดธ‹คŠ”  ด‹ค.

    • „œ„€ ช‡ฒˆ  • „„ งž€ ดํ›„, squid ‹คงˆ œกœ ‚ฌšฉํ•œ ˜ˆŠ”, š” ด‹ค. spamด ฟŒ ค„  •ํ™•ํ•œ ‚ งœ •Œฉด, „ต ํ• ˆ˜ žˆ€ •Š„Œ?
    ----
    ZeroPageServer
    Valid XHTML 1.0! Valid CSS! powered by MoniWiki
    last modified 2021-02-07 05:28:31
    Processing time 0.0367 sec