Thread: Hacked!

  1. #1
    TC
    Join Date
    Oct 2004
    Location
    Melbourne
    Posts
    14,665

    Hacked!

    We're currently down but should be back up later today.

    Even a 24 letter password of random hieroglyphics was not enough to do the job. Irritating to have to run a restore, but no biggie as we have not lost any content at all.

    Good time to look at your passwords CS'ers?

    Cheers

    Chris
    Last edited by TC; 22nd November 2014 at 08:00 AM.

  2. #2
    Senior Member
    Join Date
    Nov 2014
    Location
    Adelaide, SA
    Posts
    134
    Thanks for the heads up Chris.

    Regards,

    Matt

  3. #3
    Senior Member
    Join Date
    Oct 2011
    Posts
    1,376
    Cheers!

    24 random characters is quite a challenge to brute force - perhaps they found another way in?

  4. #4
    speleomike
    Senior Member
    Join Date
    Nov 2005
    Location
    Sydney
    Posts
    920
    Hiya

    The password is probably not how they got in. Usually it's vulnerabilities in the code of the underlying hosting system or content management system (CMS). I recently got rid of a Joomla system on a site that I manage as I was always worried about it being vulnerable. The CMS code needs to be kept up-to-date with any security patches. The trouble is that this takes time and sometimes your site can break when an update is done.

    Often these hacks can be very amusing (unless you're the site owner) and often there are "mass defacements" where a cracker will deface several dozen websites in one go. There are sites on the web that record the defacements so years later you can see what happened to a site. (Yep, you're listed: http://www.zone-h.org/mirror/id/23289036 )

    Sorry to see it hacked Chris, but the graphics and sound were funny and they had a serious message to make :-)

    Mike
    Last edited by speleomike; 22nd November 2014 at 10:39 PM. Reason: Added zone-h listing

  5. #5
    TC
    Join Date
    Oct 2004
    Location
    Melbourne
    Posts
    14,665
    Yes Mike...

    FWIW, I'm not that worried about it. We'll just wait while the web guys do their stuff and we'll be up and running again once it's done.

    Cheers

    Chris

  6. #6
    Member
    Join Date
    Apr 2014
    Posts
    87
    Chris, I think you run WordPress for your website... It looks like it, with maybe WooCommerce for the sales side. If so, there was an update put out just recently, as there was a major vulnerability in the earlier WordPress platform.

  7. #7
    Senior Member
    Join Date
    Jul 2014
    Posts
    174
    As someone who runs a (small) web server and follows security issues, if your password really was "24 letter password of random hieroglyphics" then it's almost certain that that wasn't how they got in. That said, length on its own is not a guarantee of anything, especially if you cobble together words in a dictionary, but carefully constructed passwords of sufficient length should be enough.

    If your site was based on WordPress, then that is top of the list of suspects. I have occasionally been tempted to run a site like this, but the issues that Mike mentioned have always deterred me.

    Sounds like you're not a propeller-head yourself, but I do think you've got some hard questions to ask your IT people, because these things should not happen, or hardly ever, if the software behind the site is well-configured and kept up-to-date.

  8. #8
    TC
    Join Date
    Oct 2004
    Location
    Melbourne
    Posts
    14,665
    Originally posted by gunda:
    "If your site was based on Wordpress, then that is top of the list of suspects."

    Yes - but I'm not certain that WordPress was used as "method". Will be interesting to see what the boys find...

    "Sounds like you're not a propeller-head yourself"

    I administered an entire school IT system in a past life. These days I choose coffee instead.

  9. #9
    tim
    Administrator
    Join Date
    May 2004
    Posts
    246
    SQL injection is the most common cause of these. Most likely a bot.
    You just need to have your guys harden the code against the common methods.
    OWASP will help them.
    Also, as diode123 said, some of the WordPress plugins need a close look.
    It's easy for someone without much knowledge to run your domain name against builtwith to check out everything you're running and google for vulnerabilities, so it needs to be watertight or they'll walk right back in once it's up again.


    Tim