SUBJECT: FedCIRC Informational Notice 2003-07-01 Website Defacement Contest Scheduled for Sunday, July 6, 2003 **************WARNING*************** The websites referenced in this Informational Notice are affiliated with hackers and hacking. Websites of this type often contain malicious code. It is recommended that you exercise caution when accessing hacker sites to prevent the disclosure of your information and the execution of possibly malicious code on you machine. You may wish to utilize some form of proxy service to maintain your anonymity and disable the execution of Java and ActiveX code through the security settings in your browser. Be aware that adult content is often displayed on hacker sites and the viewing of such material may possibly constitute a policy violation in your orgainization. *************************************** SEVERITY: LOW SUMMARY: An underground contest to determine which hacker can deface the most websites has been scheduled for Sunday, July 6, 2003. IMPACT: Potential increase in website defacements. DETAILS: A website called www.defacers-challenge.com is promoting a contest for website defacement. The contest is to take place on Sunday, July 6, 2003, with the exact time to be determined. The duration of the contest will be six hours. It is suspected that since the competition is based on speed and volume that the defacers will probably target personal home pages, small business sites, and sites that do not possess the robustness of major commerce, .mil, or .gov sites. Supposedly, websites defaced during this contest will be posted to the Website Defacement Archives at www.zone-h.org. During the last week there has been a decrease in the number of reported website defacements and an increase in scanning/probing activity for web related services. This may be indicative of "pre-contest" reconnaissance activity where hackers are compiling lists of vulnerable web servers to be exploited on July 6th. RECOMMENDATIONS: The following are some proactive steps that administrators may take to ensure that their websites will not be attractive targets: -Ensure that web servers have the most current patches -Disable unnecessary services such as telnet, ftp and remote administration access. -Examine firewall and IDS rulesets and policies to determine if they will detect and protect against current exploits. -Ensure that good configuration and change management has been employed so that no web servers are in an unsecure configuration. -Run a vulnerability scanner against the webservers and border equipment to check for open vulnerabilities. REFERENCES: **************WARNING*************** The websites referenced in this Informational Notice are affiliated with hackers and hacking. Websites of this type often contain malicious code. It is recommended that you exercise caution when accessing hacker sites to prevent the disclosure of your information and the execution of possibly malicious code on you machine. You may wish to utilize some form of proxy service to maintain your anonymity and disable the execution of Java and ActiveX code through the security settings in your browser. Be aware that adult content is often displayed on hacker sites and the viewing of such material may possibly constitute a policy violation in your orgainization. *************************************** Defacer's Challenge www.defacers-challenge.com Zone-H Website Defacement Archive www.zone-h.org DHS-FEDCIRC CONTACT INFORMATION: DHS-FedCIRC Watch Center fedcirc@fedcirc.gov 888-282-0870