Hacked!


  • Hacked!

    We're currently down but should be back up later today.

    Even a 24 letter password of random hieroglyphics was not enough to do the job. Irritating to have to run a restore, but no biggie as we have not lost any content at all.

    Good time to look at your passwords CS'ers?

    Cheers

    Chris
    Last edited by TC; 22 November 2014, 08:00 AM.

  • #2
    Thanks for the heads up Chris.

    Regards,

    Matt


    • #3
      Cheers!

      24 random characters is quite a challenge to brute force - perhaps they found another way in?


      • #4
        Hiya

        The password is probably not how they got in. Usually it's vulnerabilities in the code of the underlying hosting system or content management system (CMS). I recently got rid of a Joomla system on a site that I manage as I was always worried about it being vulnerable. The CMS code needs to be kept up-to-date with any security patches. The trouble is that this takes time and sometimes your site can break when an update is done.

        Often these hacks can be very amusing (unless you're the site owner) and often there are "mass defacements" where a cracker will deface several dozen websites in one go. There are sites on the web that record the defacements so years later you can see what happened to a site. (Yep, you're listed: http://www.zone-h.org/mirror/id/23289036)

        Sorry to see it hacked Chris, but the graphics and sound were funny and they had a serious message to make :-)

        Mike
        Last edited by speleomike; 22 November 2014, 10:39 PM. Reason: Added zone-h listing


        • #5
          Yes Mike...

          FWIW, I'm not that worried about it. We'll just wait while the web guys do their stuff and we'll be up and running again once it's done.

          Cheers

          Chris


          • #6
            Chris, I think you run WordPress for your website... It looks like it, with maybe WooCommerce for the sales side. If so, there was an update put out just recently, as there was a major vulnerability in the earlier WordPress platform.


            • #7
              As someone who runs a (small) web server and follows security issues, if your password really was "24 letter password of random hieroglyphics" then it's almost certain that that wasn't how they got in. That said, length on its own is not a guarantee of anything, especially if you cobble together words in a dictionary, but carefully constructed passwords of sufficient length should be enough.

              If your site was based on WordPress, then that is top of the list of suspects. I have occasionally been tempted to run a site like this, but the issues that Mike mentioned have always deterred me.

              Sounds like you're not a propeller-head yourself, but I do think you've got some hard questions to ask your IT people, because these things should not happen, or hardly ever, if the software behind the site is well-configured and kept up-to-date.


              • #8
                Originally posted by gunda:
                "If your site was based on WordPress, then that is top of the list of suspects."
                Yes, but I'm not certain that WordPress was used as "method". Will be interesting to see what the boys find...

                "Sounds like you're not a propeller-head yourself"
                I administered an entire school IT system in a past life. These days I choose coffee instead.


                • #9
                  SQL injection is the most common cause of these. Most likely a bot.
                  You just need to have your guys harden the code against the common methods.
                  OWASP will help them.
                  Also, as diode123 said, some of the WordPress plugins need a close look.
                  It's easy for someone without much knowledge to run your domain name against BuiltWith to check out everything you're running and google for vulnerabilities, so it needs to be watertight or they'll walk right back in once it's up again.


                  Tim
