BBV hacked ?

Just went to web site - top part of web site says


HACKED!
#ww.h-a-t-e.com - You faggots have been owned by: sh0k3


-------------------
All i wanted you fuckers to do was leave me alone!

I said "enough" more than once, and you just didn't Listen!

Now it's my turn for Revenge!

So HATE ME!



So have the script kiddies struck again?

Can Bev Harris please come onto his board and tell us what the hell is going on here? That's very weird....

Again. Just as we prepare to put up Chapter 8.

David is working on it.

http://groups.google.com/groups?q=sh0k3&ie=ISO-8859-1&hl=en&btnG=Google+Search

The nick appears to be taken a spam server name.

exploiting known vulnerabilities in php-nuke.

as before (and you should all take note of this), the timing is highly suspicious...

It looked suspicious, so I deleted it. It's still in my deleted file and I didn't open it but I clicked on properties and message source. Here's what it says:

Status: U
Return-Path: <(a plan9.org email address was here)>
Received: from server14.totalchoicehosting.com (<66.246.87.127>)
by penguin (EarthLink SMTP Server) with ESMTP id 1a8mLH1mS3NZFl40
for <(my email address was here)>; Sat, 11 Oct 2003 09:39:01 -0700 (PDT)
Received: from nobody by server14.totalchoicehosting.com with local (Exim 4.24)
id 1A8MlW-00080b-Ht
for (my email address was here); Sat, 11 Oct 2003 12:38:50 -0400
To: (my email address was here)
Subject: : www.h-a-t-e.com
From: (a plan9.org email address was here)
X-Mailer: PHP/4.3.2
Message-Id: <E1A8MlW-00080b-Ht@server14.totalchoicehosting.com>
Date: Sat, 11 Oct 2003 12:38:50 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server14.totalchoicehosting.com
X-AntiAbuse: Original Domain - earthlink.net
X-AntiAbuse: Originator/Caller UID/GID - <99 99> / <47 12>
X-AntiAbuse: Sender Address Domain - plan9.org

From: Hacked by: sh0k3



Please all users visit http://www.h-a-t-e.com



- Hacked by: sh0k3 Staff



=========================================================
You're receiving this email because you're a registered user of . We hope that this email didn't disturbed you and in some manner contributes to improve our services.

I've been doing footnotes all morning, haven't been there. I'll go look.

Bev
On edit --

AAARGH! They've taken out my email too. That address was working great, but now I'll need a new one. Hope we can retrieve what was sent last night, and I am SO SORRY for anyone who was a victim of these hackers.

So they want us to leave them alone, huh? Who would that be?

Let me tell you something: I was getting threat emails, 2-3 a day, for weeks and months. I published the headers for one on the web, someone at DU traced it, and they ALL stopped. Do you know what that means? It means they all stemmed from the same place. I'm betting, Vancouver Canada.

Again, how scared are they of the truth???

from Pacom, which is connected to Bell Group. Here are the links to their sites, I am not good at connecting the dots but something tells me something here connects.

http://www.bellsec.com/diebold.htm

http://www.pacomsystems.com/

I believe the diebold purchase came out of Vancouver?

http://www.h-a-t-e.com/modules.php?name=News&file=article&sid=130

Revenge.......

Ok.... People think it's funny talking shit about me.... and think i won't do shit to them in response? Heh... Think again fags... You should know not to ever fuck with me.. For Real!

Sites Owned by: sh0k3

www.poolerz.com
www.cracked-it.com
www.platnum.net
www.sweet-crack.com
www.yahoo-assassins.com
www.massive-hosting.com
www.308boyz.com
www.blackboxvoting.com
www.jahshaka.org
www.trade-vizion.com
www.beerballers.creative-eye.net/beer/

More sites are going down as we speak, they'll be added to the list above. Blah blah...

same e-mail... Never give out your real e-mail info, guys... -C

is getting worried or just a random attack by some idiot? I hope it's the former. They need to be worried. I believe, at last count, the petition to get HR2239 to the floor of the House is 20 signatures short. We need to work on those Representatives (all Republicans) and get them to sign the petition so this bill can be debated.

Who wants revenge against BBV? Who has computer hacking skills, lacks a sense of ethics, and would ever want to cause Bev, David, others embarassment and distress? Hmmmm...a short list of suspects come to mind...

Registrant:
Yahpro
712 west kilpatrick
Mineola, Texas 75773
United States

Registered through: domainspot.org
Domain Name: H-A-T-E.COM
Created on: 12-Aug-03
Expires on: 12-Aug-04
Last Updated on: 29-Sep-03




Administrative Contact:
Dickinson, Lee CEO@Yahpro.org
Yahpro
712 west kilpatrick
Mineola, Texas 75773
United States
9035696557 Fax --
Technical Contact:
Dickinson, Lee CEO@Yahpro.org
Yahpro
712 west kilpatrick
Mineola, Texas 75773
United States
9035696557 Fax --

Domain servers in listed order:
NS1.SUBLIMINAL-SHOCK.COM
NS2.SUBLIMINAL-SHOCK.COM

I'm working from memory here, but isn't this the same street (address?) as The Election Center? You know, OUR Doug Lewis' organization????

I know I have seen this address before in my research.

Administrative Contact:
Bahl, Anil admin@hostingshack.net
1002, Sector 4
urban estate
Gurgaon, Arkansas 12200
United States
215-343-8803 Fax --
Technical Contact:
Bahl, Anil admin@hostingshack.net
1002, Sector 4
urban estate
Gurgaon, Arkansas 12200
United States
215-343-8803 Fax --

Registrant:
Yahpro
#1 weedlane
Weedsville, Texas 75779
United States

Registered through: domainspot.org
Domain Name: HOSTINGSHACK.NET
Created on: 01-Sep-03
Expires on: 01-Sep-04
Last Updated on: 08-Sep-03

And can you imagine having to visit a place called Weedsville, Texas?

75779 is for the post office boxes in Neches, TX.

Ah, well....

and the address listed on the domain/DNS/hosting records are a valid mailing address according to the USPS web site.

And I don't think they'd be that stupid.



Diebold AccuVote Ingredients

Taxpayer money.................$5000
Security Flaws....................328
Critical Security Flaws.........26
CEO commitments to
deliver election to GOP........1
Tamper-proof Paper ballots...0
Tamper-friendly digital
ballots................................At least 32MB
Your actual vote..................None of your business.

...from infospace.com's reverse lookup:

Oshea, Brandi
712 W Kilpatrick St
Mineola, TX 75773

Same phone number on all the records connected with this name and address. There it is.

Nice work on the phone number, but perhaps take it slow. I suspect that the kids at yahpro may be on the level ... take a trip to the links and check it out ... although it seems likely that they KNOW sh0k3. See my post below about yahpro.

But see what you think when you go to:

http://www.yahpro.org
http://host.yahpro.org

Seems they do a little legit webhosting on the side.

ON EDIT: You may have to disable javascript to access the hosting site above and below. I get an error message about a missing .js file if I go in there w/ j-script enabled on my browser. Your mileage may vary.

But sh0k3 designed the site for them ... you can see a graphic w/ a link to his "subliminal-shock" website on the very lower left of this page.

http://host.yahpro.org/compare.php

But we're close.

.rog.

and I do not believe these are script kiddies....

There's a solid thread throughout all the sites...and that's the phone number. If you look at all the whois info on the host, the domain, the DNS servers, they all have that single thing in common - the phone number.

It may be script kiddies doing it, but there are some serious adults sponsoring it.

On the other hand, taunting hackers with posts like this one at the site is not a smart thing to do:

--------------------------------------------------
Script Kiddies Repulsed
Thanks to all who provided helpful advice to us during the the recent
"Attack of the Script Kiddies." I think we have them locked out now. Contrary to some fears, it was nothing more sinister than unsupervised children with too much time on ther hands.
--------------------------------------------------

If you make fun of them, it becomes personal.

Is this Lee Dickinson just an innocent bystander?

Who was the guy lobbying for the disabled, Lee Dickinson or Lee Dickson?

(Sorry, way late to the old computer today)

The chapters are gone, a huge section of headlines is gone, the sidebars are gone...

Is this the work of a lone SK, or a Diebold-funded SK...?

EDIT: spelling

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=517535

Read the post titled "Revenge....":

http://www.spymodem.com/affiliates/out.php?affname=sh0k3

sorry this happened Bev. Unbelievable.

Totally warped mind.

Look at this post:

Ok.... People think it's funny talking shit about me.... and think i won't do shit to them in response? Heh... Think again fags... You should know not to ever fuck with me.. For Real!

Sites Owned by: sh0k3

www.poolerz.com
www.cracked-it.com
www.platnum.net
www.sweet-crack.com
www.yahoo-assassins.com
www.massive-hosting.com
www.308boyz.com
www.blackboxvoting.com
www.jahshaka.org
www.trade-vizion.com
www.beerballers.creative-eye.net/beer/

More sites are going down as we speak, they'll be added to the list above.

Question: The only people Blackboxvoting "F*s" with are people who create insecure voting machine software code. The site has very little to do with the others, and no, I don't believe these are script kiddies.

http://www.h-a-t-e.com/

check out its cache -

http://216.239.41.104/search?q=cache:asUg7xnao3oJ:www.h-a-t-e.com/+sh0k3&hl=en&ie=UTF-8


Id's are for Sale! Highly Rare, Yahoo! Illegal Id's are being sold!

If you are interested in Which ID's we're selling, Instant Message on of the Usernames below via Yahoo! Instant Messenger for Further Details:

Problem
Rolex
Pranksta

All id's being sold will be logged in on request to confirm we Own them.
Regular Site will be back online within a few hours.

I've done some traces on this kid's domains, as well as on hosting services that APPEAR to be hosting his site, although he may have spoofed that, too. At any rate, I'd be happy to forward a text file to someone who might be able to use it.

How should we do this? I have my mailbox here disabled right now. I don't think I should post the info here ... it might invite another attack on DU. And how will I know who's who. This is complicated ... don't want to reveal my email and/or website to this guy.

sh0k3 is "formerly known as c0lders" ... he's done some web design.

Apparently he did the site for host.yahpro.org, which may or may not be legit.

You can see a graphic with a link back to his site at the bottom of this page: host.yahpro.org/cpanel.php

If you want to get creeped out, go to www.yahpro.org ... think "Columbine HS."

Try doing a google on sh0k3=c0lders and see what comes up.

I have whois, domain servers, etc.

Best to be careful, though ... these kids are WAY smarter than I am.

.rog.

Yeah ... I'd say be real careful.

david@blackboxvoting.com

Thanks!



Diebold AccuVote Ingredients

Taxpayer money.................$5000
Security Flaws....................328
Critical Security Flaws.........26
CEO commitments to
deliver election to GOP........1
Tamper-proof Paper ballots...0
Tamper-friendly digital
ballots................................At least 32MB
Your actual vote..................None of your business.

"sh0k3 is "formerly known as c0lders" ... he's done some web design."

http://brainkrash.com/shoutbox/expanded.php

Feb 28
c0lders: -- come checkout my kiddy scripts

but I have one nagging question. If it is just luck of the draw that BBV.com was picked, then why go to all the trouble to spoof the email as coming from plan9.org?

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
1237 Elon Place
High Point, NC 27263
http://www.plan9.org

And why does all the shit seem to fly out of Texas?

IS for script kiddies... BUT... There could be someone else making suggestions to some demented kid as to which sites to work on... -C

the meta name was odd. It had nothing to do with your site. Here is the meta name for your report site, a hacked site, and his h-a-t-e.com

this was on http://www.beerballers.creative-eye.net/beer/

Also hacked

<META NAME="COPYRIGHT" CONTENT="Copyright (c) 2003 by Hacked by: sh0k3">
<META NAME="KEYWORDS" CONTENT="News, news, New, new, Technology, technology, Headlines, headlines, Nuke, nuke, PHP-Nuke, phpnuke, php-nuke, Geek, geek, Geeks, geeks, Hacker, hacker, Hackers, hackers, Linux, linux, Windows, windows, Software, software, Download, download, Downloads, downloads, Free, FREE, free, Community, community, MP3, mp3, Forum, forum, Forums, forums, Bulletin, bulletin, Board, board, Boards, boards, PHP, php, Survey, survey, Kernel, kernel, Comment, comment, Comments, comments, Portal, portal, ODP, odp, Open, open, Open Source, OpenSource, Opensource, opensource, open source, Free Software, FreeSoftware, Freesoftware, free software, GNU, gnu, GPL, gpl, License, license, Unix, UNIX, *nix, unix, MySQL, mysql, SQL, sql, Database, DataBase, Blogs, blogs, Blog, blog, database, Mandrake, mandrake, Red Hat, RedHat, red hat, Slackware, slackware, SUSE, SuSE, suse, Debian, debian, Gnome, GNOME, gnome, Kde, KDE, kde, Enlightenment, enlightenment, Interactive, interactive, Programming, programming, Extreme, extreme, Game, game, Games, games, Web Site, web site, Weblog, WebLog, weblog, Guru, GURU, guru, Oracle, oracle, db2, DB2, odbc, ODBC, plugin, plugins, Plugin, Plugins">
<META NAME="DESCRIPTION" CONTENT="Hacked by: sh0k3">

this is on your voting report site

<META NAME="KEYWORDS" CONTENT="News, news, New, new, Technology, technology, Headlines, headlines, Nuke, nuke, PHP-Nuke, phpnuke, php-nuke, Geek, geek, Geeks, geeks, Hacker, hacker, Hackers, hackers, Linux, linux, Windows, windows, Software, software, Download, download, Downloads, downloads, Free, FREE, free, Community, community, MP3, mp3, Forum, forum, Forums, forums, Bulletin, bulletin, Board, board, Boards, boards, PHP, php, Survey, survey, Kernel, kernel, Comment, comment, Comments, comments, Portal, portal, ODP, odp, Open, open, Open Source, OpenSource, Opensource, opensource, open source, Free Software, FreeSoftware, Freesoftware, free software, GNU, gnu, GPL, gpl, License, license, Unix, UNIX, *nix, unix, MySQL, mysql, SQL, sql, Database, DataBase, Blogs, blogs, Blog, blog, database, Mandrake, mandrake, Red Hat, RedHat, red hat, Slackware, slackware, SUSE, SuSE, suse, Debian, debian, Gnome, GNOME, gnome, Kde, KDE, kde, Enlightenment, enlightenment, Interactive, interactive, Programming, programming, Extreme, extreme, Game, game, Games, games, Web Site, web site, Weblog, WebLog, weblog, Guru, GURU, guru, Oracle, oracle, db2, DB2, odbc, ODBC, plugin, plugins, Plugin, Plugins">
<META NAME="DESCRIPTION" CONTENT="Black Box Voting Reports">

From H-a-t-e.com

<META NAME="KEYWORDS" CONTENT="News, news, New, new, Technology, technology, Headlines, headlines, Nuke, nuke, PHP-Nuke, phpnuke, php-nuke, Geek, geek, Geeks, geeks, Hacker, hacker, Hackers, hackers, Linux, linux, Windows, windows, Software, software, Download, download, Downloads, downloads, Free, FREE, free, Community, community, MP3, mp3, Forum, forum, Forums, forums, Bulletin, bulletin, Board, board, Boards, boards, PHP, php, Survey, survey, Kernel, kernel, Comment, comment, Comments, comments, Portal, portal, ODP, odp, Open, open, Open Source, OpenSource, Opensource, opensource, open source, Free Software, FreeSoftware, Freesoftware, free software, GNU, gnu, GPL, gpl, License, license, Unix, UNIX, *nix, unix, MySQL, mysql, SQL, sql, Database, DataBase, Blogs, blogs, Blog, blog, database, Mandrake, mandrake, Red Hat, RedHat, red hat, Slackware, slackware, SUSE, SuSE, suse, Debian, debian, Gnome, GNOME, gnome, Kde, KDE, kde, Enlightenment, enlightenment, Interactive, interactive, Programming, programming, Extreme, extreme, Game, game, Games, games, Web Site, web site, Weblog, WebLog, weblog, Guru, GURU, guru, Oracle, oracle, db2, DB2, odbc, ODBC, plugin, plugins, Plugin, Plugins">
<META NAME="DESCRIPTION" CONTENT="I Hate You!">

doing what script kiddies do, spending his days sweating about his L33T rep. His forum is filled with the usual posturing tripe -- "Yer a faggot", "Fuck you, I 0wNz3R you." His site was defaced two days ago, so he's out for revenge. Most of the sites he hit are owned by guys who have insulted him.

He only knows a single PHP-Nuke exploit (something he gets ragged for in his forum). If you Google the credit phrases for sites running PHP-Nuke, right now Black Box Voting comes out near the top:

This web site was made with PHP-Nuke - BBV is #4

PHP-Nuke is free software - BBV is #3

Luck of the draw. Your popularity got you noticed.

.

who's paying his rent/electric/phone bill? They need some serious notification of the financial damage their little darling is doing.

Wally O'Dell

Diebold AccuVote Ingredients

Taxpayer money.................$5000
Security Flaws....................328
Critical Security Flaws.........26
CEO commitments to
deliver election to GOP........1
Tamper-proof Paper ballots...0
Tamper-friendly digital
ballots................................At least 32MB
Your actual vote..................None of your business.

I think this is professionally funded. These kiddies have too much time on their hands.

*

nt

who is hosting yahpro.org?



Diebold AccuVote Ingredients

Taxpayer money.................$5000
Security Flaws....................328
Critical Security Flaws.........26
CEO commitments to
deliver election to GOP........1
Tamper-proof Paper ballots...0
Tamper-friendly digital
ballots................................At least 32MB
Your actual vote..................None of your business.

http://www.watchman.org/profile/yahpro.htm

It sounds like one of the right-wing fundamentalists.

Never mind! I think Yahpro are the hosts for this site.

I think you're getting led astray. These are just kids. Go to http://www.yahpro.org and poke around. Take a look at the forums. And actually some of THESE kids aren't too bad.

For example, from Trinity's Matrix (Yahpro's "resident psychotic) ... but she's just a normal kid:

Wtf is up with the world today? Terminator for Governor...no more Concorde supersonic jets...Space Shuttles blowin up...USA is playing policeman in Iraq...the Taliban is vowing to fuck us up...

And thru it all...there's STILL millions of homeless people in the US...and alot of jobless people as well...

Dont get me wrong...i'm not bleeding heart liberal...but goddammit man...charity starts at home, ya know?


Sounds like she could be a "DU-er". (grin)

IMHO, these are just a bunch of normal kids ... some thoughtful, some messed up bad. I think the hacker is just what we used to call a juvenile delinquent.

Somehow I don't think the kids at "yahpro" are the hackers, although they do appear to have a tie to sh0k3.

.rog.

I hope you and your computer friends get to the bottom of this.
I admire all of you.

Been a long time since I wanted to beat the living shit out of a teenager :grr:

+--------------------------------------------------------------------+
| Disgruntled Fan Arrested, Indicted For Spam Attacks |
| from the malice-on-display dept. |
| posted by timothy on Wednesday October 08, @15:36 (spam) |
| http://slashdot.org/article.pl?sid=03/10/08/1857213 |
+--------------------------------------------------------------------+

An anonymous reader submits: "A *very* interesting precedent might
get set here. A California man has been arrested by the FBI for
{0}sending spam spoofing the From: email address of several
Philadelphia-area newspaper editors and writers. The charges relate to
the damage caused by having the bounces sent back to the Philadelphia
Inquirer and Daily News, with a total of more than 160,000 bounced
emails. Maximum penalties: 471 years in federal prison, $117 million in
fines." And not just arrested, either -- Reader red_dragon points to
{1}the indictment (PDF linked from this U.S. Attorney's Office release).

Discuss this story at:
http://slashdot.org/comments.pl?sid=03/10/08/1857213

Links:
0. http://www.philly.com/mld/philly/6954768.htm
1. http://www.usdoj.gov/usao/pae/News/Pr/2003/oct/carlson.html
:evilgrin:
:kick:

HOOO! Hope they all get sent to jail... -C

When I clicked on that page, ZoneAlarm (firewall) said that ugo20.exe was trying to access the internet. Apparently it was trying to install one of those "adware" programs (e2give) that will keep popping up ads spontaneously. I don't know if SpyBot will kill it, but PestPartrol will, or you can remove it manually with the steps shown on this page:

http://www.safersite.com/PestInfo/e/e2give.asp

Thanks for spot. But, I wasn't looking at the firewall logs when I found it. I don't see it my logs, because that program is not running on my computer.

But, if you have ugo20.exe running as a process, and Zone Alarm caught it trying to access the net, your computer has already downloaded and installed the trojan to access the pop-ups. That's why I don't see it on my machine, or in my firewall logs.

Check again for the removal instructions on the site you gave. It's possible that there's something else running that's trying pull in the popups (a bogus version of msys.com, maybe).

Cheers.