Tuesday, August 19, 2008

Day +776 : Someone hacked my website :-(

I am fine today.

Last night, I was surprised to see that one of my websites was hacked. Based on the language on the website, the hacker was most probably from Indonesia. This was the first time I experienced this.

My site after getting hacked
I did some investigation and noticed that my Super Administrator account was modified on 14 August. This made me conclude that it was hacked on that day.

The database recorded the last visit date as 2008-08-14 09:08:28. This is the time the hacker gained control of my website, then turned it off with some modification as seen in the first picture.

I lost control of the web application as the hacker modified my account password. However, I still had access to my hosting account. So I modified the above database and regained control of the website.

At the same time, I also reported the incident to my web hosting provider, which later advised and helped me to restore the site back to a backup that was done a month ago. Since I didn't update the site much, no data was lost :-)

I am using an open source content management system called Joomla for my website. A security bug was reported on 12 August which allowed an unauthenticated user to change the first account's password, which is normally the super administrator account. I believe the hacker made use of this vulnerability to enter the website and do something funny.

I immediately updated the website after it was restored and everything is running fine now :-)

I learned some valuable lessons throughout the process, which I can only share with you if I have a technical blog :-) Thank you, hacker :-)

See you next post :-)
