[kictanet] NSIS website hacked?
James Kagwe
jkagwe at KIPPRA.OR.KE
Tue Dec 11 17:32:36 EAT 2007
A dig reveals this;
; <<>> DiG 9.3.2 <<>> nsis.go.ke any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 76
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 5
;; QUESTION SECTION:
;nsis.go.ke. IN ANY
;; ANSWER SECTION:
nsis.go.ke. 38172 IN MX 10 mta.wananchi.com.
nsis.go.ke. 38172 IN MX 20 mail.wananchi.com.
nsis.go.ke. 29891 IN A 62.8.88.6
nsis.go.ke. 17830 IN NS dns2.wananchi.com.
nsis.go.ke. 17830 IN NS dns1.wananchi.com.
;; AUTHORITY SECTION:
nsis.go.ke. 17830 IN NS dns2.wananchi.com.
nsis.go.ke. 17830 IN NS dns1.wananchi.com.
;; ADDITIONAL SECTION:
mta.wananchi.com. 63997 IN A 62.8.88.64
mta.wananchi.com. 63997 IN A 62.8.88.63
mail.wananchi.com. 63574 IN A 62.8.88.102
dns1.wananchi.com. 64894 IN A 62.8.64.5
dns2.wananchi.com. 65700 IN A 196.200.36.3
;; Query time: 15 msec
;; SERVER: 196.200.16.2#53(196.200.16.2)
;; WHEN: Tue Dec 11 17:22:50 2007
;; MSG SIZE rcvd: 243
A ping reveals this;
C:\Dig>ping www.nsis.go.ke
Pinging www.nsis.go.ke [62.8.88.6] with 32 bytes of data:
Reply from 62.8.88.6: bytes=32 time=50ms TTL=54
Reply from 62.8.88.6: bytes=32 time=31ms TTL=54
Reply from 62.8.88.6: bytes=32 time=29ms TTL=54
Reply from 62.8.88.6: bytes=32 time=36ms TTL=54
Ping statistics for 62.8.88.6:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 50ms, Average = 36ms
Wananchi are the victims
-----Original Message-----
From: kictanet-bounces+jkagwe=kippra.or.ke at lists.kictanet.or.ke
[mailto:kictanet-bounces+jkagwe=kippra.or.ke at lists.kictanet.or.ke] On
Behalf Of Odhiambo Washington
Sent: Tuesday, December 11, 2007 4:18 PM
To: James Kagwe
Cc: KICTAnet ICT Policy Discussions
Subject: Re: [kictanet] NSIS website hacked?
On Dec 11, 2007 3:19 PM, John Walubengo <jwalu at yahoo.com> wrote:
> For those who may not know NSIS stands for National
> Security Intelligence Service, the Kenyan equivalent of the
> American CIA, Russian KGB, Israeli Mossad and the British
> M15 get the drift?
>
> Now these chaps website seems to have been hacked and
> defaced. Check out...
>
> http://www.nsis.go.ke/
>
> and please tell me am wrong.
You are right, it's been "cracked". However it's hosted by third
party, if you look at DNS records, and this can always happen when a
server admin installs on a server stuff they don't quite understand,
or even plays with a sensitive configuration without thinking much
about it.
Hey, Walu, it's just the website, the content of which is for public
consumption (and public defacing whenever possible to prove a point).
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Oh My God! They killed init! You Bastards!"
--from a /. post
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
This message was sent to: jkagwe at kippra.or.ke
Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/jkagwe%40kippra.or.
ke
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20071211/cf1e6241/attachment.htm>
More information about the KICTANet
mailing list