Several blogs on our lot was target of defacements earlier this morning. Two were Connie’s food blog, one of Chin Wong along with two others. It’s always a dreaded thought that one of your sites or even servers getting hacked by some punk from Russia (or where ever).
I first got notice of the series of defacements last night while updating of our blogs on that server. Only one page was defaced and that’s the readme.html of the stock WordPress installation file. It was obvious how it was done because the file has write permissions for basically anyone to tamper with (chmod+666). Deleting the file and checking permissions of other files and folders was the logical move to fix that. And I thought that was all of it.
Or so I thought. Early this morning, we got calls that there were other defacement on the same server — 4 more blogs running on WordPress and Expression Engine. I really thought the entire server was compromised so we had to spend the entire day checking practically hundreds of other sites on that same rig. Though we’re still not 100% sure exactly how all these happened at the same time but evidence of cross-site scripting and improper folder permissions were the primary reasons.
How to prevent this in the future:
I’m sure we’d get some heat from this but battling hackers, spammers, and phishers is no easy task and a continuous effort. We get literally dozens of brute force attacks everyday and all we can do is be alert as ever. Any provider saying they’re 100% hack-proof is only asking to be targetted by more attacks.
All we can do is learn from this incident, be more carefull and move on.
YugaTech.com is the largest and longest-running technology site in the Philippines. Originally established in October 2002, the site was transformed into a full-fledged technology platform in 2005.
How to transfer, withdraw money from PayPal to GCash
Prices of Starlink satellite in the Philippines
Install Google GBox to Huawei smartphones
Pag-IBIG MP2 online application
How to check PhilHealth contributions online
How to find your SIM card serial number
Globe, PLDT, Converge, Sky: Unli fiber internet plans compared
10 biggest games in the Google Play Store
LTO periodic medical exam for 10-year licenses
Netflix codes to unlock hidden TV shows, movies
Apple, Asus, Cherry Mobile, Huawei, LG, Nokia, Oppo, Samsung, Sony, Vivo, Xiaomi, Lenovo, Infinix Mobile, Pocophone, Honor, iPhone, OnePlus, Tecno, Realme, HTC, Gionee, Kata, IQ00, Redmi, Razer, CloudFone, Motorola, Panasonic, TCL, Wiko
Best Android smartphones between PHP 20,000 - 25,000
Smartphones under PHP 10,000 in the Philippines
Smartphones under PHP 12K Philippines
Best smartphones for kids under PHP 7,000
Smartphones under PHP 15,000 in the Philippines
Best Android smartphones between PHP 15,000 - 20,000
Smartphones under PHP 20,000 in the Philippines
Most affordable 5G phones in the Philippines under PHP 20K
5G smartphones in the Philippines under PHP 16K
Smartphone pricelist Philippines 2024
Smartphone pricelist Philippines 2023
Smartphone pricelist Philippines 2022
Smartphone pricelist Philippines 2021
Smartphone pricelist Philippines 2020
Connie says:
In the case of pinoyfoodtalk.net, running on Expression Engine, six folders with .htaccess files were uploaded and the index.php file on the main path was overwritten. It couldn’t have been done through the EE admin panel because you can’t touch the index.php file from there. Has to be via FTP or the Cpanel.
Connie says:
3 extra folders were uploaded to Pinoycook.net (running on WP), each containing an index.html file with the blah blah info of the asshole.
Noemi Dado says:
a cpanel security flaw?
Abe Olandres says:
Found 3 more defaced sites today, all of them have 777 folder permissions.
eric says:
naku.. kinda techie ito..
my blog is in your hands abe.. hehehe
uy panu pala mag install ng latest version ng wordpress? thanks!
im a bit afraid mag install ng kung ano ano sa blog ko baka biglang mag loko ang blog ko. ehehe