What happened to old-computers.com?

[famicomaster2]

I just think it's ridiculous to destroy something like this - What's the point? I would understand if it was some multi-billion dollar company, or a bank, or a government institution, I can see reasonable (though disagreeable) motives there.

But what was the end goal here? To destroy some guy's hobby project that *only* benefits the community it was built by? What notoriety do you get in the hacking community for demolishing a 15+ year old website anyways? Surely there's no "street cred" for the penetration on this.

I wonder if the guy is getting hate from others in his own community - I imagine there has to be at least *some* crossover between hacking and vintage computing, there have to be a few people there who were aware of or liked this site and were disappointed that what is most likely some lonely college kid bricked a website they liked for no discernible reason.

It confuses and enrages me to no end, but maybe that's the point. Dude was just a troll to begin with and did it only to upset others. Indisputably the worst kind of person there is, one who takes actions only if they result in the worsening of life for others.

 

[stepleton]

I doubt the hackers had any specific intention directed towards old-computers.com.

If you run a website, take a look at the logs. Compromised computers are often used to find other compromised computers: software is installed to crawl the web and follow links here and there. For every new host, the software automatically tries a number of canned attacks --- your server logs will show you all the malformed requests that are the product of this. If an attack succeeds, the now-compromised computer downloads a payload and starts doing whatever is desired from the botnet: crypto mining, ddos-ing, spamming, whatever. It also may start its own scans for systems to compromise.

This software isn't necessarily written with the greatest care w.r.t. whatever the computer is originally doing. Filesystem full? Too bad; maybe delete stuff. Webserver running? Nuke it and replace everything with a phishing website that looks like the $BIGBANK login page. And so on.

I doubt it helps, but there's no reason to take it personally --- it's unlikely the script that broke the website cared about old computers.

 

[stepleton]

To illustrate, here's something I can find in the logs of a webserver of mine (note that I've <redacted> all IPs):

<redacted> - - [10/Jan/2024:20:32:01 +0000] "GET http://<redacted>:80/phpMyAdmin/scripts/setup.php HTTP/1.0" 404 162 "-" "-"
<redacted> - - [10/Jan/2024:20:32:04 +0000] "GET http://<redacted>:80/phpmyadmin/scripts/setup.php HTTP/1.0" 404 162 "-" "-"
<redacted> - - [10/Jan/2024:20:32:07 +0000] "GET http://<redacted>:80/phpMyAdmin-2.11.4/scripts/setup.php HTTP/1.0" 404 162 "-" "-"
<redacted> - - [10/Jan/2024:20:32:10 +0000] "GET http://<redacted>:80/phpMyAdmin-2.11.3/scripts/setup.php HTTP/1.0" 404 162 "-" "-"
<redacted> - - [10/Jan/2024:20:32:13 +0000] "GET http://<redacted>:80/phpMyAdmin-2.10.0.2/scripts/setup.php HTTP/1.0" 404 162 "-" "-"
<redacted> - - [10/Jan/2024:20:32:16 +0000] "GET http://<redacted>:80/phpMyAdmin-2.10.3/scripts/setup.php HTTP/1.0" 404 162 "-" "-"
<redacted> - - [10/Jan/2024:20:32:19 +0000] "GET http://<redacted>:80/phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.0" 404 162 "-" "-"
<redacted> - - [10/Jan/2024:20:32:22 +0000] "GET http://<redacted>:80/phpMyAdmin-2.10.2/scripts/setup.php HTTP/1.0" 404 162 "-" "-"
<redacted> - - [10/Jan/2024:20:32:25 +0000] "GET http://<redacted>:80/phpMyAdmin-2.11.9.2/scripts/setup.php HTTP/1.0" 404 162 "-" "-"
<redacted> - - [10/Jan/2024:20:32:28 +0000] "GET http://<redacted>:80/phpMyAdmin-2.11.0/scripts/setup.php HTTP/1.0" 404 162 "-" "-"
<redacted> - - [10/Jan/2024:20:32:31 +0000] "GET http://<redacted>:80/phpMyAdmin-2.11.7/scripts/setup.php HTTP/1.0" 404 162 "-" "-"

Some computer out there had a go at looking for vulnerabilities related to phpMyAdmin and a few other things. It attempted about 50 times, always trying something a little bit different. I think these scans make up the majority of my traffic, actually (it's a pretty low-volume website!). This is just another feature of the modern internet...

 

[famicomaster2]

It still bugs me that there are people out there who designed this software to be destructive. There is still an annoying little prick of a human somewhere at the end of all of this, and I hope he's desperately ashamed of himself for the rest of his natural lifespan.

 

[pbirkel@gmail.com]

It's the modern equivalent of a bank of telephones in a boiler room a century ago with folks "just making a living". A long prior lineage extending back to who-knows-when. Maybe not the world's oldest profession, but I suspect that it comes close. Technology changes but human nature doesn't seem to.

 

[cjs]

It still bugs me that there are people out there who designed this software to be destructive.

This is the intentionality fallacy: you assume that, because the software was destructive, it was designed to be destructive. But it's more likely that someone has a tool designed to take over websites that managed to get rid of the old website, but failed to replace it with their new desired website (hosting malware or whatever). When you're going after literally tens of thousands of servers, it's just not worth the effort to make sure your code works right on every server and configuration you might encounter; it's easier just to have the bot go find more servers when you lose one due to a "bug" in your code.

 

[rmay635703]

This is the intentionality fallacy: you assume that, because the software was destructive, it was designed to be destructive. But it's more likely that someone has a tool designed to take over websites that managed to get rid of the old website, but failed to replace it with their new desired website (hosting malware or whatever). When you're going after literally tens of thousands of servers, it's just not worth the effort to make sure your code works right on every server and configuration you might encounter; it's easier just to have the bot go find more servers when you lose one due to a "bug" in your code.

Most scammers are shielded in certain foreign countries in legitimate businesses.

Generally we know who and where they are, eliminate about 6 of these high rises and 95% of scam calls and 80% of “hacks” would end for a period of time.

If we wanted we could certainly fight this rather mainstreamed majority of scammers, push them underground fear of god and much of it would probably stay reduced.

Now days Script kiddies and homegrown misfits are usually less of an issue and less effective than the business like organized crime groups, considering the geo-politics going on today I’m surprised these rather forward facing scam farms haven’t been bombed considering the amount of terror and suffering they create

 

[GeordieAl]

The server was hacked and all the content was deleted. It was an old server with an old website, if I spend time restoring the backup, I am pretty sure it will be hacked again within the next 5 minutes, so... not really worth wasting time on it. Maybe I should just redirect all the pages to archive.org...

I had also been wondering where the site had gone.. it's been my go to site for years when I wanted to look up something retro computer related!.

I'm just wondering if there is anything I can do to help the situation... I'm an ASP developer ( yes we still exist... there's still a surprising number of ASP sites out there! and they can be made secure!) I'd be willing to take a look over things and see if code could be cleaned up, look for obvious vulnerabilities etc. I could replicate the site on the server I use so that it could be worked on away from the prying eyes of potential malicious individuals. While working on it I could also dump the site to static HTML pages that could be used as a temporary solution for public viewing until a proper secure site could be relaunched.

What sort of storage/bandwidth requirements did the site have? Any specific dependencies that it used?

Would hate to see the site vanish from the web, it's such a valuable resource!

 

[famicomaster2]

But it's more likely that someone has a tool designed to take over websites that managed to get rid of the old website, but failed to replace it with their new desired website (hosting malware or whatever).

I would argue that this is still intentionally destructive. The software intentionally destroyed some data to replace it with more destructive data.

 

[SharpMZ]

I had a look at the server today. It is worse than what I thought, not only the site is gone but also some (lot of) system files. The IIS web service cannot start for some reason and I don't really have time to investigate. At that point, it would be better to reinstall the os, but that will be complicated, I'll need to see that with the hosting company and see what we can do, not sure I will find some time to do it soon. I'll try tomorrow to install apache with mod_rewrite and redirect all the requests to archive.org.

 

[fargo]

Do you have an offsite backup? You may set a fund me campaign and let the community pay for the restoration and hosting. I’ll be more than happy to donate for the website recovery.

 

[Timo W.]

He has - at least he said so:

if I spend time restoring the backup, I am pretty sure it will be hacked again within the next 5 minutes, so... not really worth wasting time on it.

Also, with wbm-dl, it would be easy to just pull a snapshot from archive.org. It would be static, of course, but would allow the site to be online again in no time. And then you would have all time in the world to get the actual code up-to-date or transfer the content to a newer CMS.

He did not react to my offer either, so I guess it's just not happening.

 

[Torch]

It's the modern equivalent of a bank of telephones in a boiler room a century ago with folks "just making a living".

A century ago? India is currently a giant a boiler room and the US gets hit with 33 million calls a day.
It'll only stop when there are no longer boomers to dupe out of $10 billion a year.

 

[Ebefizio]

perhaps the offline backup could be made into a pdf book, with a chapter for every computer? that would be easy to share and preserve. A book is static, but descriptions of old computers don't need much updating anyway.
Preserve the preservation...

 

[LyceusAnubite]

Hello, Let me introduce myself.

I am just another nerd who loves retro computing and like many other fans I did made a daily stop in old-computers.com

As I saw in Jan 2024, the site was down. And I was wondering if that was just a trouble of domains. Until today that I read the sad news.

Well this is when I hope I can help a bit here. For made a long tale short, I visit my gramps house in the country for decades, where WiFi is not possible to install. So with an old computer with windows 7 and emulators, I wanted to have some mirrors of my favorite websites to read at nights.

So I remember that I did hoard the whole site from 2007-2008 and I have a small backup of the site. Not only the html but also images of the site as I will show as proof too. So if this can be useful for rebuild the site I offer a copy of the offline mirror. I am more active in Twitter at this handle, just @ me as I block DM for avoid bots.

Edit: I posted better images of the files.

 

[Redempshin]

Did this ever get any traction on rebuilding the content (even as a static site)? It seems there is/was a lot of interest in helping, so it would be a bummer for it to fizzle out. Even if the backup was released as a ZIP and "no support offered or implied" it the data could be there. I've been using the wayback machine, but it's not always a willing participant.

 

[Lutiana]

But what was the end goal here? To destroy some guy's hobby project that *only* benefits the community it was built by? What notoriety do you get in the hacking community for demolishing a 15+ year old website anyways? Surely there's no "street cred" for the penetration on this.

It was almost certainly an automated scanning bot that found a vulnerability and took advantage of it. It's highly unlikely to have been a targeted attack. Spray attacks are, unfortunately, the reality of the public internet.

My guess (and to be clear is a guess based on industry training and experience and not on anything to do with this specific case, I have no insider info here) is a bot found the vulnerability, leveraged it, probably encrypted everything and notified it's handlers who then tried to extort the owner for money, or maybe just hit the "delete" button when they realized no money could be made from such a small niche operation (better to burn all the evidence). But we may never know for sure.

If you have web facing services, secure them. Not because someone will target you specifically, but because if you don't you will definitely be caught in the cross fire at some point.

 

[hush]

It was almost certainly an automated scanning bot that found a vulnerability and took advantage of it. It's highly unlikely to have been a targeted attack. Spray attacks are, unfortunately, the reality of the public internet.

My guess (and to be clear is a guess based on industry training and experience and not on anything to do with this specific case, I have no insider info here) is a bot found the vulnerability, leveraged it, probably encrypted everything and notified it's handlers who then tried to extort the owner for money, or maybe just hit the "delete" button when they realized no money could be made from such a small niche operation (better to burn all the evidence). But we may never know for sure.

If you have web facing services, secure them. Not because someone will target you specifically, but because if you don't you will definitely be caught in the cross fire at some point.

+1, spent a few years working in webhosting and pretty much every compromise i ever worked on was automated. base64 encoded php shells in wordpress sites all day baby :>

 

[cjs]

If you have web facing services, secure them. Not because someone will target you specifically, but because if you don't you will definitely be caught in the cross fire at some point.

Actually, it's even a bit worse than you say; if you have a server hosting material on the web, you are being specifically targeted as a member of the group of people/organisations that, well, host material on the web.

Being able to take over a server that hosts static web pages has several uses, including hosting landing pages for spammers selling goods, or trying to redirect people onward to somewhere else, or whatever. (They can't just go the cheaper and easier route of getting their own web server, because as the URLs are found in spam, the hosting providers get notified and take down the sites.)

If you also have a server-side scripting language that can run arbitrary programs, you become even more useful because your server can be used as a host for things like denial-of-service attacks.

So yes, the automated scanners that try to do server takeovers are aimed at pretty much every web site on the Internet, regardless of the content on those web sites. And, as I mentioned above, the exploit code does not need to be particularly reliable; if on half the sites it successfully gets an exploit loaded but then, though some quirk of the particular site, goes and breaks or deletes the entire site rather than succeeding with a more subtle takeover, that's no big deal; the attacker still gets a hundred thousand rather than two hundred thousand sites for his own use. So they often don't put a lot of work into making the exploit reliable, counting instead on just making attempts on more sites.

 

[Zare]

Being able to take over a server that hosts static web pages has several uses, including hosting landing pages for spammers selling goods, or trying to redirect people onward to somewhere else, or whatever.

I'm not sure about this. If you serve static content what's left of vectors to attack are services and OS directly. Each successful exploitation in this area allows attacker to control huge parts of the server.
I know people who run small private sites for decades without much issue. They serve static content and they don't manage their content over the web - there is one site you probably landed on via google when searching how to do something particular with an Unix command at least once if you google those things; owner just sshs into his box to update content which is done via Markdown transformation.

There are also option to do CMS-alike flows, if you perform management on secondary web server via PK auth directly.

Then there is the enterprisey way with REST services and tokens. In any case, there are options, but mid-2000s server-scripted CMS anyone can log into and be promoted as a publisher is just too naive. A general opinion - I haven't tracked closely what has happened to old-computers, whether it was exploit through ASP or ancient IIS directly, so this isn't criticism.