Salam and Hi,

About 4 weeks ago, if I'm not mistaken, my blog and a few of my other domains were hacked... so I scouted around the server to see what was going on... they defaced the front page of my other domains except shazwan.com, uploaded a shell script and the usual stuff... So I contacted my web hoster, 'serverfreak', asking them for any details on the attack that they might have traced.

The support team, as usual, is really fast to respond, the best compared to all of my ex-hosters before this. They scanned the files for any miscellaneous script, and I asked them whether the server was patched because I thought maybe the attacker came from an exploit on the server... meanwhile I upgraded all CMS to the latest version... long story short, within 24 hours all of my sites were up and running normally again; thanks to the dedicated personnel at serverfreak the problem was resolved very fast.

Not even 48 hours after the 1st attack, my sites were hacked again. Now it's from a different attacker, am I HOT or what, I know you guys love me but please restrain yourselves. Again I had to check all the files on the server, the same routine but deeper, again asked serverfreak support team for their help, yada yada yada, researching what exploit the attacker used, exploit on the server? on the CMS? on the module?

Comparing the 1st attack and the 2nd, the 1st was messy, files were uploaded everywhere, changing files that he wasn't supposed to, I think he/she is still new and doesn't exactly know what to do, so just messed with everything. The 2nd attacker was quite clean, only changing the files he was supposed to, time on the server also seems short, maybe he/she had experience before.

After a long hard read, testing and comparing attack patterns, I think they came from a Joomla component called 'hwdmediashare', because in June there was an exploit released that enables an attacker to upload a remote shell onto your server. So I decided to remove the component and restore all the sites. It seems OK now, again thanks a lot to serverfreak support team for their fast and efficient service. So until the next exploit is released, these script kiddies will play elsewhere for now, please get a life...


