Just four month after the hack by Hmei7, an Indonesian individual, my sharkdolphin.com got hacked again by another Indonesian hacker that called himself/herself as Rexal Scooterist. Although there is nothing valuable on the web site, it still got hacked. This time, the hacker was kind enough not to delete any information except the index.php file in every single subdomain of sharkdolphin.com. I have to thank him/her for teaching me another security lesson. Here is roughly how the hacker did:

1) At Sat Jul 27 12:41:45 2013, the hacker exploited a security hole on Joomla 1.x's JCE to upload a script to my old mtpham-hacked.sharkdolphin.com website, using a machine at IP address 101.255.62.233.

2) Using the script, the hacker quickly got access to all my other subdomains. He used the script to overwrite the main index.php files on them.

3) He then used a bunch of other machines with IP addresses starting with 69.171.xxx.xxx to access these newly modified index.php files. But no further damage was done to sharkdolphin.com

I have blocked all these IP addresses. Let's see what else these Indonesian hackers can do.

Comment (2) Hits: 936

Recent comments

View other comments

Hi there. I am Minh-Tri Pham. My old web site was attacked on 12 Jan 2013 by someone (or some organization maybe?). The attack was a variant of the recent popular "Hacked by Hmei7" attack. All SQL data was wiped out. Consequently, I had to reconstruct the whole web site with stronger security. The process has started, but it will take months to complete.

 

The old web site has been moved to another place.

http://mtpham-hacked.sharkdolphin.com

However, it has been recovered to the last time I made a back up of the SQL database, which sadly was in 2009. The old web site will go offline once I have migrated all content to the new web site.

 

Minh-Tri

PS: Since it was born, sharkdolphin.com has been hacked into 4 times. This time is most severe because the hacker(s) hit my weakest link, the SQL database.

Comment (0) Hits: 683