Https based Lycos Intranet Portal has been defaced recently. The address of the portal is

https://lip.lycos-europe.com/login_form

(redirects to URL using authentication parameters etc.)

The only visible track at site is the HTML Title:

“STOP WAR, israel and the u.s.a are terrorists, Defaced by xenoc”

IP Location is in Sweden; Spray Network Services Ab.
Registaration information is the following:

org-name: Spray Network Services AB
org-type: LIR
descr: Lycos Europe
address: P.O. 315
address: DE-33311
address: Guetersloh
address: Germany
…

At time of writing I’m not sure what are the dependencies between Lycos and Lycos Europe (both of them use dog pictures as their logo and favicon too).

It is worth of noticing that the SSL certificate of the site has expired on 18th Feb.

They are running Apache/1.3.31 on Linux.

Zone-H mirror can’t render the login page at time of writing for some reason.

-

Are you scanning your site for vulnerabilities on a daily basis?