Yes, it’s true! Photowalkrs was hacked a few days back, on day of Christmas eve to be exact, and was down for almost a day before we could get it live once again. Photowalkrs was back on Christmas though, so nothing to worry!
Before this gets anymore exciting, I must tell you that things are all cool now. Although, the issue was resolved but we really don’t know how it all happened.
On 24th December night, when I opened photowalkrs.com an unusual thing happened, instead of our regular homepage, I saw that a site was hacked and had a totally unrelated page on display saying that .
I immediately contacted Kazi and we figured out that JasOnz666 is an Indonesian hacker! So, here we were, with no clue how this could’ve happened on our secure hosting and why the hell an Indonesian dude had decided to deface our URL.
After a little more searching around, we landed on this site which has a record of our site getting hacked.
But then Kazi started finding out about the issue on net while I was contacting the support team of our hosting servers, which for the time being is GoDaddy. After this incident, we have thought about changing servers to recommended www.hostiserver.com, which I’ve heard many good things about from friends. For now, though, we are with GoDaddy, who couldn’t be of much help but Kazi had figured out that ours was a case of URL defacement by the use of SQL injection.
Now this is pretty interesting, read the chat we had –
Kazi: so it seemed they only change the index pagethey got ccontrol to admin panelMe: and they didn’t do it manuallyKazi: more like sql injectionthey do it from the address bar directlyMe: wat’s sql injection ?Kazi: runnning sql queries using the url
domain.com/these are loopholesand infact there are hack tools for
gaining access to admin panel
searching for vulnerable sitesso ours must be one such site that came up in the resultsMe: lolit was funny though, indonesian hackers! ftwKazi: πMe: ill write a mail to godaddy about the index file being replacedKazi: yupbtw here’s a tutorial for website defacementeven you can try it out πmore info πΒ
So, the end result was, we were live back again on Christmas and GoDaddy support just sent us a page on how to avoid being attacked by malware. The whole incident was funny and taught us something interesting, atleast now we can replicate the scenario on our future competitors π But I’m still curious as to how those Indonesian dudes came to know about us, when we don’t even conduct photowalks in Indonesia (as of now) π
Edit – later we found out that the attack was because of the theme we were using and not something particular with our servers. When we shifted to a new theme, we never faced any attack again.
Β
Anubhav Tyagi 
If assumption is that your future competitors will not know about Web App Security 101, then yes π
I know it was a basic thing, it’s just that we never expected this nor had we had such a case before!
BTW, if you can share some resource on the basic checkpoints to ensure such a embarrassment never happens again, it’ll save our faces π
For Django, have a look at this – http://www.djangobook.com/en/2.0/chapter20.html
thanks for the concern! although the problem was on the wordpress blog not on the main site. We tightened up the security there. But thanks anyways π
You guys are not using a framework to build your site, are you?
Well, a little background for that question would have been better, but yes, we are using a Framework for Photowalkrs. If the question was in regard to the site getting hacked – well, the blog is based on wordpress and the main site is different from the blog. We are using Django Framework there..
What I was trying to say was if you use the modern day web frameworks and follow their best practices and guidelines, the SQL injection problem tends to go away. I myself have had many SQL attacks as seen in my production log but they gave out a 500 server error. It does look pretty funny though when people try to bring down your site. One of those WTF moments. π