RISK: Average (4 out of 10)
There are many hacker attacks that deface sites and/or install a botnet (robot), which can carry out attacks and look for credit card info and passwords as they are typed on a server and then forward them automatically. The attacks seem to be directed at Denmark as a penalty for the “Cartoon Crisis”, which is why we assume that all domains and IP classes in Denmark are being scanned and attacked.
According to Zone-h.org, there are 36594 DK domains in their register since 01.01.09. Many well-known Danish companies are among them. Since Verinet sells through dealers and distributors, we can only answer for the servers we maintain with a Server Care subscription. There are many attack attempts daily on all servers at all hosting providers, so this is not unusual.
Recommended actions for both Hosting Providers and the administrative staff working on a server
Since most servers are hacked simply by grabbing the password from the administrative users, it is always a good idea NOT to let your browser remember your logins, since a hacker can easily get access to your notebook or PC. If a sniffer is installed on the client or the router, this is of no use anyway.
1. Update your operating system and all applications and programming languages, and remember especially JAVA, FLASH, PDF, PHP, ASP, DOT NET and all CMS systems. Many neglect local updates of, for example, Acrobat, Flash, Java, Microsoft Office, Word, Powerpoint and Excel.
2. Also check that you have access to the web admin of your router or switch, since many of those devices are currently being hacked, according to: http://verinet.dk/hosting/?p=108
3. After an update, scan your server, PC, IP address and domain for vulnerabilities. Remember that both your firewall and your antivirus software must be updated to the latest versions. Check whether your pages contain unknown downloads or links. Remember all your domains and servers, and also include all old and forgotten tests and installations in sub-folders etc. On Linux, also run a rootkit hunter like RKHunter. To scan for open ports, use the NMAP tool to discover open ports, and close the ports that are not in use.
4. In the firewall, close ALL traffic except the services and ports that are in use. Also make all ADMIN and ROOT logins invisible; this is done by allowing only the administrator's IP.
5. If you have home-made web pages and/or applications, there is good reason for extra checks, as they do not have thousands of developers and testers looking for vulnerabilities, or automatic warnings or controls. Check whether you are on the list above, which appears to grow hour by hour. The above link is safe.
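One way to act on steps 3 and 4 is to compare an NMAP scan, run from outside the administrator's IP, against the ports you intend to expose. The script below is an added example, not Verinet's own tooling; the port policy, host names and scan output are constructed for illustration (the input is in the format produced by `nmap -oG -`).

```python
import re

# Ports expected to be reachable from the Internet (assumed policy).
ALLOWED_PUBLIC = {("tcp", 80), ("tcp", 443)}
# Admin services that should answer only the administrator's IP (assumed policy).
ADMIN_ONLY = {("tcp", 22), ("tcp", 3306), ("tcp", 8443)}

# Constructed sample of `nmap -oG -` output, scanned from OUTSIDE the admin IP.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (www.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.test)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///, "
    "8080/filtered/tcp//http-proxy///\tIgnored State: closed (995)\n"
    "Host: 192.0.2.11 (old-test.example.test)\tPorts: 21/open/tcp//ftp///, "
    "80/open/tcp//http///\tIgnored State: closed (998)\n"
)

def parse_grepable(text):
    """Yield (host, proto, port, state, service) for each port entry."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment or status-only line
        host, ports = m.groups()
        for entry in ports.split(","):
            f = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(f) >= 5 and f[0].isdigit():
                yield host, f[2], int(f[0]), f[1], f[4]

def audit(text):
    """Return (host, port, service, reason) for open ports outside the policy."""
    findings = []
    for host, proto, port, state, service in parse_grepable(text):
        if state != "open" or (proto, port) in ALLOWED_PUBLIC:
            continue
        if (proto, port) in ADMIN_ONLY:
            reason = "admin service visible from outside; allow only the admin IP"
        else:
            reason = "unexpected open port; close it or stop the service"
        findings.append((host, port, service, reason))
    return findings

if __name__ == "__main__":
    for host, port, service, reason in audit(SAMPLE_SCAN):
        print(f"{host}:{port} ({service}): {reason}")
```

The forgotten test host in the sample is flagged for its FTP port, which is the kind of old installation step 3 asks you to include in the scan.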
Many attacks also happen via e-mail every day. Today there was an example: UK hosting provider damcosoft.co.uk – in this link is an IP address with attacks even on those IP addresses you are coming from, using a referrer function.
SOURCE: LINK TO THE HACKER GROUP: (Go to it ONLY IF you are sure you have fulfilled the above.) The link goes through Google Translate and asks you to install an “application”. Here you must answer no. http://translate.google.com/translate?hl=en&sl=ar&tl=en&u=http://www.bramjnet.com/vb3/showthread.php?t=963808&rurl=translate.google.com