Permalink
Cannot retrieve contributors at this time
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
80 lines (62 sloc)
3.02 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Greetings. | |
| You are being contacted because you are listed as an Internic | |
| contact for the domain referred to. | |
| Attrition.org is a non-profit, hobby web site that monitors | |
| computer crime on the internet. In the past few minutes, we | |
| have been notified that your domain was hacked, and your web | |
| page defaced. This means that the intruder has edited your | |
| web page in some way. Due to this, it is quite likely that | |
| one or all of the machines on your network are compromised. | |
| You may wish to take immediate action to correct this problem | |
| and respond to the intrusion. | |
| One of the free services attrition.org offers is mirroring defaced | |
| pages to aid in statistics on computer crime. The various archives | |
| of information we maintain is used by security professionals and | |
| law enforcement every day. We comply with all law enforcement | |
| subpoenas for information related to the intrusion; however, for | |
| the purposes of fairness in reporting, we do not reveal the | |
| identities of defacers other than as shown on the defaced web page. | |
| Attrition offers free security advice and assistance to sites | |
| experiencing trouble. We can also recommend unaffiliated security | |
| companies should you feel the need for more extensive analysis; | |
| please mail staff@attrition.org, and we'll be happy to help. | |
| We are not a security company and have no product or service to | |
| sell. | |
| We'd also like to assure you that we had no advanced knowledge | |
| of the intrusion. Any reference to attrition.org in your logs | |
| is due to our mirroring utility. Any greeting or reference to | |
| Attrition on the actual web page is beyond our control. You are | |
| one of over three thousand administrators we have contacted in | |
| this manner. | |
| Attrition has already notified the appropriate CERT teams that | |
| would be interested in this incident. Despite this, you should | |
| still contact the appropriate CERT with followup information. | |
| They can provide recommendations for recovering and dealing with | |
| this incident. | |
| If you receive any additional mail from a security company or | |
| vendor, we'd like to state up front that we are in no way | |
| affiliated with them. We have found out that some security | |
| companies prey on victims of web defacement to solicit their | |
| products or services. If you receive such mail, please forward | |
| the full text with headers to us so that we can confront them. | |
| Please feel free to mail us if you have any questions or would | |
| like assistance. | |
| For more on security and incident response: | |
| http://ciac.llnl.gov | |
| For more on computer forensics and preservation of evidence: | |
| http://www.forensics-intl.com/info.html | |
| http://www.nwo.net/null/recovery.html | |
| For the latest on vulnerabilities and good security practice: | |
| http://www.securityfocus.com | |
| Hardening WindowsNT4 | |
| http://www.networkcommand.com/NTSEC/paranoid.html | |
| Contacting Law Enforcement | |
| http://www.fbi.gov/contact/fo/fo.htm | |
| The Attrition Mirror: | |
| http://www.attrition.org/mirror/ | |
| Security Advisory Archive: | |
| http://www.attrition.org/security/advisory/ | |
| For the latest on computer crime and news: | |
| http://www.hackernews.com/ | |
| Contacting us: | |
| staff@attrition.org |