Photowalkrs was hacked!

Yes, it’s true! Photowalkrs was hacked a few days back, on day of Christmas eve to be exact, and was down for almost a day before we could get it live once again. Photowalkrs was back on Christmas though, so nothing to worry!

Before this gets anymore exciting, I must tell you that things are all cool now. Although, the issue was resolved but we really don’t know how it all happened.

On 24th December night, when I opened an unusual thing happened, instead of our regular homepage, I saw that a site was hacked and had a totally unrelated page on display saying that .

I immediately contacted Kazi and we figured out that JasOnz666 is an Indonesian hacker! So, here we were, with no clue how this could’ve happened on our secure hosting and why the hell an Indonesian dude had decided to deface our URL.

After a little more searching around, we landed on this site which has a record of our site getting hacked.

But then Kazi started finding out about the issue on net while I was contacting the support team of our hosting servers, which for the time being is GoDaddy. After this incident, we have thought about changing servers to recommended, which I’ve heard many good things about from friends. For now, though, we are with GoDaddy, who couldn’t be of much help but Kazi had figured out that ours was a case of URL defacement by the use of SQL injection.

Now this is pretty interesting, read the chat we had –

Kazi: so it seemed they only change the index page
they got ccontrol to admin panel
Me: and they didn’t do it manually
Kazi: more like sql injection
they do it from the address bar directly
Me: wat’s sql injection ?
Kazi: runnning sql queries using the url
these are loopholes
and infact there are hack tools for
gaining access to admin panel
searching for vulnerable sites
so ours must be one such site that came up in the results
Me: lol
it was funny though, indonesian hackers! ftw
Kazi: 😀
Me: ill write a mail to godaddy about the index file being replaced
Kazi: yup
btw here’s a tutorial for website defacement
even you can try it out 😛
more info 😀


So, the end result was, we were live back again on Christmas and GoDaddy support just sent us a page on how to avoid being attacked by malware. The whole incident was funny and taught us something interesting, atleast now we can replicate the scenario on our future competitors 😉 But I’m still curious as to how those Indonesian dudes came to know about us, when we don’t even conduct photowalks in Indonesia (as of now) 😀

Edit – later we found out that the attack was because of the theme we were using and not something particular with our servers. When we shifted to a new theme, we never faced any attack again.


7 thoughts on “Photowalkrs was hacked!

    1. I know it was a basic thing, it’s just that we never expected this nor had we had such a case before!
      BTW, if you can share some resource on the basic checkpoints to ensure such a embarrassment never happens again, it’ll save our faces 😀

      1. thanks for the concern! although the problem was on the wordpress blog not on the main site. We tightened up the security there. But thanks anyways 🙂

    1. Well, a little background for that question would have been better, but yes, we are using a Framework for Photowalkrs. If the question was in regard to the site getting hacked – well, the blog is based on wordpress and the main site is different from the blog. We are using Django Framework there..

      1. What I was trying to say was if you use the modern day web frameworks and follow their best practices and guidelines, the SQL injection problem tends to go away. I myself have had many SQL attacks as seen in my production log but they gave out a 500 server error. It does look pretty funny though when people try to bring down your site. One of those WTF moments. 😀

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s