DonkBoy Internet
Home of the famous
Information Archives.
"For the curious"
Indiana Internet service provider changes names to escape sordid history.
And I hate it when people treat me like I'm stupid.
MyVine.com, the residential service of HyperVine.net, is a privately held Internet Service Provider, serving over 100,000 subscribers. Formerly named SkyeNet in IN, MI, OH, KY, WI and GrapeVine/IDC in KS and MO.
MyVine.com, a service of HyperVine.net, also owns Skyenet.net, located in Mishawaka, IN. Just another attempt to hide their identity from the many dissatisfied customers over the years. Try as you might, there will always be web sites like mine to expose crooked and unscrupulous outfits like this. Read on and learn.
How secure is your homepage? Don't ask Skyenet.net. They don't have a clue. In fact, they sent me this email snip:
"Regarding the page tampering, the only thing we can recommend is to change your FTP password," "Please give us a call anytime at 1-888-922-3462 to change your password". "For security purposes, we do not distribute passwords via email."
Skyenet / Netusa1 weaknesses are based in CGI holes, which they choose to ignore. At the bottom of this article is a description of the holes in question and a listing of holes on their system.
www.netusa1.net/~kk9g Defaced for 3rd time in 3 weeks and finally killed.
On a lighter note, they neglected to disable the email service, so I still use it for FREE.
This service provider and associated ISPs have been deemed a security risk. Entire contents have been deleted and replaced by:
<META HTTP-EQUIV="REFRESH" CONTENT="0; URL=http://www.tagesschau.com/">
Formerly known as www.netusa1.net and purchased by www.skyenet.net, this has been a poor partnership. Security is a joke, service is worse, and technical support takes days to return email, if at all. On at least 3 occasions since December 2000, this site has been hacked / defaced by parties yet unknown. Skyenet technical support was notified, but seems to be uninterested in entertaining the thought that their system was compromised. See next paragraph:
Many sites that maintain a Web server support CGI programs. Often these programs are scripts that are run by general-purpose interpreters, such as /bin/sh or PERL. If the interpreters are located in the CGI bin directory along with the associated scripts, intruders can access the interpreters directly and arrange to execute arbitrary commands on the Web server system. This problem has been widely discussed in several forums. Unfortunately, some sites have not corrected it.
| Vulnerable CGI programs and application extensions |
| Most web servers support Common Gateway Interface (CGI) programs to provide interactivity in web pages, such as data collection and verification. Many web servers come with sample CGI programs installed by default. Unfortunately, many CGI programmers fail to consider ways in which their programs may be misused or subverted to execute malicious commands. Vulnerable CGI programs present a particularly attractive target to intruders because they are relatively easy to locate, and they operate with the privileges and power of the web server software itself. Intruders are known to have exploited vulnerable CGI programs to vandalize web pages, steal credit card information, and set up back doors to enable future intrusions, even if the CGI programs are secured. When Janet Reno's picture was replaced by that of Adolph Hitler at the Department of Justice web site, an in-depth assessment concluded that a CGI hole was the most probable avenue of compromise. Allaire's ColdFusion is a web server application package which includes vulnerable sample programs when installed. As a general rule, sample programs should always be removed from production systems. |
| Systems Affected: All web servers. CVE Entries: |
[ CGI Analysis ]
Host: http://www.netusa1.net
Mode: Scan for all CGI holes (Total: 67)
Hole Found: Count.cgi
Hole Found: HTML Script
Hole Found: VTI BIN [shtml.exe]
Hole Found: VTI INF [_vti_inf.html]
Scan Complete - 4 holes found.
============================================
Host: http://www.skyenet.net
Mode: Scan for all CGI holes (Total: 67)
Hole Found: Count.cgi
Hole Found: nph-test-cgi
Hole Found: PHF
Hole Found: VTI BIN [shtml.exe]
Scan Complete - 4 holes found.
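An added example, not part of the original page: a local audit an administrator can run over their own document root, covering both points made above, namely interpreters sitting in a CGI directory and leftover programs whose names appear in the scan output on this page. The directory names `cgi-bin` and `_vti_bin`, the interpreter list, and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Interpreter names that must not be reachable from a CGI directory (assumed list).
INTERP = re.compile(r"(sh|bash|csh|tcsh|ksh|perl|python|tclsh)[\d.]*?(\.exe)?")
# File names from the scan output on this page, plus "phf" for its "PHF" entry.
FLAGGED = {"count.cgi", "nph-test-cgi", "phf", "shtml.exe", "_vti_inf.html"}
CGI_DIRS = {"cgi-bin", "_vti_bin"}  # assumed CGI directory names


def audit_docroot(docroot):
    """Return sorted (reason, relative_path) findings for a web document root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(docroot):
        parts = os.path.relpath(dirpath, docroot).lower().split(os.sep)
        in_cgi_dir = any(p in CGI_DIRS for p in parts)
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot)
            # Check the link target too: /bin/sh symlinked in as "run" is still sh.
            names = {name.lower(), os.path.basename(os.path.realpath(full)).lower()}
            if in_cgi_dir and any(INTERP.fullmatch(n) for n in names):
                findings.add(("interpreter-in-cgi-dir", rel))
            if name.lower() in FLAGGED:
                findings.add(("flagged-by-scan-list", rel))
    return sorted(findings)


def build_sample(root, outside):
    """Create a constructed sample tree (not taken from any real server)."""
    for d in ("cgi-bin", "_vti_bin"):
        os.makedirs(os.path.join(root, d))
    for rel in ("index.html", "_vti_inf.html", "cgi-bin/guestbook.pl",
                "cgi-bin/perl5.005", "cgi-bin/Count.cgi", "_vti_bin/shtml.exe"):
        open(os.path.join(root, rel), "w").close()
    target = os.path.join(outside, "sh")  # stands in for /bin/sh
    open(target, "w").close()
    os.symlink(target, os.path.join(root, "cgi-bin", "run"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as outside:
        build_sample(root, outside)
        for reason, path in audit_docroot(root):
            print(f"{reason:24} {path}")
```

A name match is only a prompt to look: each flagged file still has to be checked by hand and removed or replaced, and every interpreter finding means the binary or link should be moved out of the CGI directory.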
Before the pages at www.netusa1.net/~kk9g were removed, a message to the defacer stated that since the ISP didn't care, try doing it to their homesite. That may have pushed SkyeNet a little bit too far.....Duh. I'm sure that locking me out of my account will fix ALL their exploitable holes.....ya think.
Site Busting is easy if that's your game.
Why would an ISP leave doors open? Ask them at SkyeNet Technical Support
Webmaster: webmaster@HyperVine.net
Billing: billing@HyperVine.net
General Inquiries: feedback@HyperVine.net
Commercial Sales: sales@HyperVine.net
Feel free to quiz them on current security practices and be prepared to laugh at their responses.
This information is here as a public service, to help others searching for a secure place to house a homepage. Knowing a provider's weaknesses can help make your decision easier and safer.