Web defacement contest set for July 6


Lock down your Web servers. The first Defacers Challenge, complete with prizes for the hacker or hackers who can first deface 6,000 Web sites, is scheduled for July 6.

According to an announcement posted on the Web site at www.defacers-challenge.com, the contest will be conducted over a six-hour period. The time has not been set, but probably will be in the morning.

"My hope is this being first of many defacers challenge!" the site says.

The announcement is written in comically broken English, but security experts are taking the threat seriously. Internet Security Systems Inc. of Atlanta raised its threat level Wednesday to AlertCon 2, on a four-level scale, recommending increased vigilance.

"We've checked with a couple of sources, and we believe it is a valid concern," said Peter Allor, manager of ISS' X-Force Threat Analysis Services.

Since the announcement appeared late last week, ISS and other security firms have seen increased reconnaissance traffic, Allor said.

According to its posted rules, the challenge will be a freestyle contest with a goal of defacing 6,000 sites. The individual or team hitting this number first will win. If no contestant reaches that number, the highest number of defacements will win.

Duplicate defacements within subdomains will not be counted, nor will defacements in free hosting domains, such as GeoCities or Angelfire.

Points also will be awarded based on the operating system of the server. Windows operating systems will receive one point, Linux and BSD OSs will be worth two points each, AIX will be worth three points, and HP-UX and Macintosh operating systems will be worth five points each.

The higher points reflect the fact that these operating systems are less numerous in Web servers and are less frequently targeted.

The winner apparently gets 500M of Webmail hosting. Judging will be based on defacements reported to and verified on the www.Zone-H.org Web site, which is not connected with the contest.

"Zone-H is the Internet thermometer and when the Internet has a fever, we just want to be there to measure it, nothing more," the web site's administrator said. "Personally I consider this challenge a silly thing."

There are indications that the hacking community is preparing for the contest, Allor said.

"Defacements are down," he said. "We believe they are down because [hackers are] holding back. There also is an increase in people checking banners and fingerprinting machines."

Publicly available domain registration information for the defacers challenge site is not accurate, but there are indications of the source of the site.

"We believe that the text of the Web page was translated through a Web translation service," which would explain the bizarre wording and grammar, Allor said. "The translation, we believe, is out of Portuguese."

Allor recommended hardening servers by updating patches and turning off unneeded services, and keeping an eye on intrusion detection logs and traffic flows.