The registration department of Kerala has launched a web site which lists fair value of land in various parts of Kerala. Here is a report about the inauguration of the site . Being a land owner( and,of course a member of the so called land mafia), I was eager to find out the fair value of some of my property.
At 2.30 pm on 29th May 2008, I got the following screen.
I had a different screen in the morning, but could not go beyond the starting screen.
This is a classic case of Kerala Government web sites getting failed on the very first day of operation. The fair price of land being a sensitive issue, the the server might have got fairly good amount of hits this morning. The sys admins of most of the government websites are unaware of issues like slashdot effect.
Ok. Let us find out what this http://igr.kerala.gov.in is.
Browsing to http://188.8.131.52 also gave the above page. Hence, it is assumed that the domain is hosted on a dedicated IP.
Let us run nmap and find out what OS is being run.
debian:/home/sunil# nmap -P0 -sV -O -v igr.kerala.gov.in
Starting Nmap 4.11) at 2008-05-29 20:07 IST
DNS resolution of 1 IPs took 0.00s.
Initiating SYN Stealth Scan against 184.108.40.206 [1680 ports] at 20:07
Discovered open port 80/tcp on 220.127.116.11
SYN Stealth Scan Timing: About 39.46% done; ETC: 20:09 (0:00:46 remaining)
The SYN Stealth Scan took 84.78s to scan 1680 total ports.
Initiating service scan against 1 service on 18.104.22.168 at 20:09
The service scan took 6.29s to scan 1 service on 1 host.
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
For OSScan assuming port 80 is open, 35912 is closed, and neither are firewalled
Host 22.214.171.124 appears to be up … good.
Interesting ports on 126.96.36.199:
Not shown: 1679 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS webserver 6.0
Device type: general purpose
Running: Microsoft Windows 2003/.NET
OS details: Microsoft Windows 2003 Server SP1
TCP Sequence Prediction: Class=truly random
Difficulty=9999999 (Good luck!)
IPID Sequence Generation: Busy server or unknown class
Service Info: OS: Windows
Nmap finished: 1 IP address (1 host up) scanned in 94.289 seconds
Raw packets sent: 5074 (224.128KB) | Rcvd: 27 (1875B)
The server is running widows 2003 server. I was under the impression that all the Kerala government sites are on free software.
I did some more research on some prominent Kerala government sites and I feel most of them are vulnerable. Some of them running unwanted services, open relays,outdated software etc. Try running nmap on a couple of them. No wonder they get hacked so often.
Let us wait and see how the registration department web site will come up.
Update 8pm 29 may 2007:
The site is back online.
Here is a screen shot. Even though it is showing server busy, I could access records from the site.
There is a detailed page here on how to access your lands fair value. Now look at the front page there is a user login box on the right side. Click on the user drop down box. All user names are listed. This seems to be for data updation from various district offices.
Now, select any user from the list, click on the forgot password link.. :d Tomorrow each of the users will see thousands of mails announcing change of password.