Photowalkrs was hacked!

Yes, it’s true! Photowalkrs was hacked a few days back, on Christmas Eve to be exact, and was down for almost a day before we could get it live once again. Photowalkrs was back on Christmas though, so there’s nothing to worry about!

Before this gets any more exciting, I must tell you that things are all cool now. Although the issue was resolved, we really don’t know how it all happened.

On the night of 24th December, when I opened photowalkrs.com, an unusual thing happened: instead of our regular homepage, I saw that the site had been hacked and a totally unrelated page was on display saying that .

I immediately contacted Kazi and we figured out that JasOnz666 is an Indonesian hacker! So here we were, with no clue how this could have happened on our secure hosting and why the hell an Indonesian dude had decided to deface our URL.

After a little more searching around, we landed on this site which has a record of our site getting hacked.

But then Kazi started finding out about the issue on the net while I was contacting the support team of our hosting provider, which for the time being is GoDaddy. They couldn’t be of much help, but Kazi had figured out that ours was a case of URL defacement by the use of SQL injection.

Now this is pretty interesting; read the chat we had –

Kazi: so it seemed they only change the index page
      they got control to admin panel
Me: and they didn’t do it manually
Kazi: more like sql injection
      they do it from the address bar directly
Me: wat’s sql injection ?
Kazi: running sql queries using the url
      domain.com/<some php + sql query>
      these are loopholes
      and in fact there are hack tools for gaining access to admin panel
      searching for vulnerable sites
      so ours must be one such site that came up in the results
Me: lol
    it was funny though, indonesian hackers! ftw
Kazi: :D
Me: I’ll write a mail to godaddy about the index file being replaced
Kazi: yup
      btw here’s a tutorial for website defacement
      even you can try it out :P
      more info :D


So, the end result was that we were back live again on Christmas, and GoDaddy support just sent us a page on how to avoid being attacked by malware. The whole incident was funny and taught us something interesting; at least now we can replicate the scenario on our future competitors ;-) But I’m still curious as to how those Indonesian dudes came to know about us, when we don’t even conduct photowalks in Indonesia (as of now) :-D

Edit – later we found out that the attack was because of the theme we were using and not something particular with our servers. When we shifted to a new theme, we never faced any attack again.

  • If assumption is that your future competitors will not know about Web App Security 101, then yes :)

    • I know it was a basic thing, it’s just that we never expected this nor had we had such a case before!
      BTW, if you can share some resource on the basic checkpoints to ensure such an embarrassment never happens again, it’ll save our faces :-D

  • You guys are not using a framework to build your site, are you?

    • Well, a little background for that question would have been better, but yes, we are using a Framework for Photowalkrs. If the question was in regard to the site getting hacked – well, the blog is based on wordpress and the main site is different from the blog. We are using Django Framework there.

      • What I was trying to say was if you use the modern day web frameworks and follow their best practices and guidelines, the SQL injection problem tends to go away. I myself have had many SQL attacks as seen in my production log but they gave out a 500 server error. It does look pretty funny though when people try to bring down your site. One of those WTF moments. :D
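
The point the last comment makes (and the "running sql queries using the url" remark in the chat) can be seen in a few lines of code. The following is an added example, not code from the post, its commenters, or the Photowalkrs site; it uses a constructed in-memory SQLite table and a hypothetical login lookup to contrast a query that pastes request parameters into the SQL text with the parameterised form that frameworks and ORMs generate for you.

```python
import sqlite3


def make_db():
    # Constructed stand-in for an admin-panel user table (not any real schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, is_admin INTEGER)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret', 1)")
    return db


def login_unsafe(db, name, password):
    # The bug behind "SQL from the address bar": the values taken from the
    # request are spliced into the statement text, so a quote character in
    # the input is read by the database as SQL syntax, not as data.
    sql = f"SELECT name FROM users WHERE name='{name}' AND password='{password}'"
    return [row[0] for row in db.execute(sql)]


def login_safe(db, name, password):
    # Parameterised query: the statement and the values travel separately,
    # so whatever the input contains it can only ever be compared as a value.
    # This is the form a framework ORM or query builder emits for you.
    sql = "SELECT name FROM users WHERE name=? AND password=?"
    return [row[0] for row in db.execute(sql, (name, password))]


def compare(db, name, password):
    # Run the same input through both lookups so the difference is visible.
    return {"unsafe": login_unsafe(db, name, password),
            "safe": login_safe(db, name, password)}


if __name__ == "__main__":
    db = make_db()
    # The textbook probe: closes the quoted value and appends an always-true
    # condition. Only the string-built query is fooled by it.
    print(compare(db, "x", "' OR '1'='1"))
```

With correct credentials both lookups return the same row; with the probe input the string-built query returns every user while the parameterised one returns nothing, which is the "tends to go away" effect described in the comment.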