‘Script Kiddies’ Attack FoundryNAP

Jeff Berg
CYBERSPACE - Visitors to several websites hosted by FoundryNAP Networks were met with administrative announcements recently after ‘script kiddies’ targeted the host for the second time in two weeks, Director of Operations Christopher Gotzmann told XBiz.

The New York-based FoundryNAP Network consists of seven bandwidth carriers and provides managed collocation services and dedicated servers for hundreds of adult websites. FoundryNAP currently hosts over 6,200 websites.

Exploiting a vulnerable script on one of FoundryNAP’s virtually hosted sites, cyber-tagging group “FuckOSX” changed around 70 sites late Wednesday night to include a message from the group and what appears to be information obtained from a shell account.

“An exploitable script was uploaded and run by a free-hosted client,” Gotzmann said. “It was then used to scan for index files on the server. We were on it about five to ten minutes after it happened. But the actual appearances of sites were not changed for about one to two hours afterwards, though, as we had to recover some files.”

According to posts made on popular webmaster message board GoFuckYourself.com, the second attack was the result of a virtually hosted site using a TagBoard script that FoundryNAP administrators had already warned the user about.

“The user running the script was warned previously [when the first attack occurred], and put the tag script back up anyway,” wrote one poster. “This user has been terminated for abuse. This occurrence has no reflection on the quality of an administrators' experience. No host can prevent a client from uploading and loading a TagBoard script […] into their virtual account, and then have it be compromised.”

FoundryNAP administrators try hard to give users creative freedom, said Gotzmann, but that can cause problems when users don’t know much about the scripts they use on their sites.

“We don’t really want to limit users as to which scripts they use," Gotzmann said. "However, as a general rule of thumb, I tell clients to search on Google.com for the script. We are also always available to answer any questions on the usability of a script before, during and after the installation of it.”

“The administrators here at FoundryNAP.com know what it takes to secure a server,” said Gotzmann. “We constantly increase our knowledge on new security holes, which pop-up almost daily, and in the process also increase our know-how on different possible solutions.”