10
Apr
Hacked by Root-X
stored in: Misc

My apologizes to anyone who visited the Thinkworx blog in the last 24 hours. I woke up yesterday to find that the site had been hacked into with all pages displaying the image below.

haCkeDByR00T-X

As far as I can tell the server hosting the site had been compromised, probably affecting all sites hosted on the server, rather than a targeted attack on this site.

After contacting my web host (2M Host) they were quickly able to get the site restored, but unfortunately it was restored to a very old version. After several messages trying to convince them that what they restored was not the April 6th, 2008 version, as they claimed, I finally gave up and proceeded to restore the site myself. Fortunately, once I had discovered the site was compromised I checked the database contents, which I found to be intact so I immediately downloaded a backup version and used this to restore the site.

Personally this was my first time getting hacked, since it isn’t an experience that I would like to repeat even if it wasn’t a hack directly on my site, I will be more security conscious from this point out. It also turned out to be an opportunity to move to WordPress 2.5, which, by the way, if you are using WordPress you will definitely want to use, this upgrade has a nice redesign of the dashboard and back-end administration with some nice new features.

—————————————
Related Resources
—————————————
After doing SY0-101 and N10-003, students usually go for 642-812. A small number tries for 70-294 instead since they are more interested in 70-647 than the advanced 640-816.

Comments
  • Nice HACKER!! Our website is for a non-profit fundraiser. What an absolute JERK!!
  • Our site has just been hacked (should that be cracked then?) by the same guy - anybody know what could possibly be the motivation for this? It just seems the most knobby/nerdy thing to do, total waste of time isn't it? Any ideas?
  • I think, it's true what you say
  • Wonderful ! very good info. keep it up.
  • very nice info here. happy to read it.
  • Stop calling him a hacker. You're just perpetuating a stereotype. He's a cracker. There's a difference. Crackers are criminal hackers, cracking boxes just to be jerks. Hackers explore systems and find neat ways to make something do what it was not intended to do. There's even an ethical hacker certification to show that one knows all of the laws regarding penetration testing, the sort of testing you pay for to ensure that your system really is properly secured.
  • Shahram Honarmayeh
    Dear Thomas, our website is also attacked by the same hacker within an hour ago. I wrote a letter asking the solution to your host which they have gotten action on it before. Hope our sites also has been up to the latest version.
  • @Alan, sounds like good service indeed. Who do you use for your hosting?
  • Within a few hours the server affected was taken off line, and a couple of hours later, came back on, fully restored and back to normal.

    So, a total of 5 or 6 hours from attack, to working normally again, which I think is good service.
  • Alan, I hope your host is able to get their servers patched and back up as quickly as mine did. Good luck!
  • My website was hacked by the same person this morning.

    Different host to yours (xcalibre in the UK), so....

    B**** hackers!
  • Besides not getting the database restored properly, the rest of the support by 2MHost was excellent. They were fast in responding to my support tickets and there wasn't any issues as they recently moved the account to a new server.
  • The hack was server wide because of old os-commerce script used by a client, we found the security hole, and patched all servers we have
  • Actually I was already running WP, however I hadn't upgraded to the latest release. 2Mhost.com, similar to most hosts, run the cPanel platform which offers the Fantastico scripts, included in which is WordPress. I just ran the upgrade option to get the latest release.
    Interestingly enough, today I received an email from my host that they will be moving my site to a new server for security reasons. Hopefully this will help reduce the chances of it happening again.
  • teddy
    very sorry for this :-(
    how about converting the db from your previous platform (which was?) to WP?
    was it easy, or does WP provide utilities to convert?
blog comments powered by Disqus