Yes, it’s true! Photowalkrs was hacked a few days back, on day of Christmas eve to be exact, and was down for almost a day before we could get it live once again. Photowalkrs was back on Christmas though, so nothing to worry!
Before this gets anymore exciting, I must tell you that things are all cool now. Although, the issue was resolved but we really don’t know how it all happened.
On 24th December night, when I opened photowalkrs.com an unusual thing happened, instead of our regular homepage, I saw that a site was hacked and had a totally unrelated page on display saying that .
I immediately contacted Kazi and we figured out that JasOnz666 is an Indonesian hacker! So, here we were, with no clue how this could’ve happened on our secure hosting and why the hell an Indonesian dude had decided to deface our URL.
After a little more searching around, we landed on this site which has a record of our site getting hacked.
But then Kazi started finding out about the issue on net while I was contacting the support team of our hosting servers, which for the time being is GoDaddy. They couldn’t be of much help but Kazi had figured out that ours was a case of URL defacement by the use of SQL injection.
Now this is pretty interesting, read the chat we had –
Kazi: so it seemed they only change the index pagethey got ccontrol to admin panelMe: and they didn’t do it manuallyKazi: more like sql injectionthey do it from the address bar directlyMe: wat’s sql injection ?Kazi: runnning sql queries using the url
domain.com/<some php + sql query>these are loopholesand infact there are hack tools for
gaining access to admin panel
searching for vulnerable sitesso ours must be one such site that came up in the resultsMe: lolit was funny though, indonesian hackers! ftwKazi: :DMe: ill write a mail to godaddy about the index file being replacedKazi: yupbtw here’s a tutorial for website defacementeven you can try it out :Pmore info :D
So, the end result was, we were live back again on Christmas and GoDaddy support just sent us a page on how to avoid being attacked by malware. The whole incident was funny and taught us something interesting, atleast now we can replicate the scenario on our future competitors ;-) But I’m still curious as to how those Indonesian dudes came to know about us, when we don’t even conduct photowalks in Indonesia (as of now) :-D\
Edit – later we found out that the attack was because of the theme we were using and not something particular with our servers. When we shifted to a new theme, we never faced any attack again.