Jun 02 2008
Heike and I have reported on the well-known Chinese hacker sunwear several times:
A forum posting on eviloctal from sunwear shows a screenshot of a hacked metasploit.com with his mark: “hacked by sunwear ! just for fun”. Here is a link to the eviloctal.com forum posting. Thanks to sunbelt for the news. No way to tell if it was a hoax or real just yet. The metasploit site seems to be normal at the time of this writing. The forum post was made by sunwear on June 3.
Update (June 3 2003hrs GMT): One reader commented that the site was indeed hacked and that he was redirected to the evil octal forums.
Update from HD at Metasploit: The issue was that someone hacked a machine on the same subnet and was ARP spoofing the gateway. The metasploit.com machines were not compromised, but all HTTP requests coming into the ISP network were passed through a MITM defacer that inserted that HTML. Once I as able to set a static ARP entry and notify the ISP, the problem was resolved. So, to make things clear, the metasploit.com servers were not hacked, the ISP’s network was.
9 Responses to “Sunwear hacks metasploit.com?”