Hacked? No, my WordPress install was cracked!

Damn you to hell — silly Crackers!

I’m “mildly annoyed” but far from furious — fuqd.at was “hacked”! Well, technically — it was “cracked”.

What’s the difference? I’m glad you asked!

Cracker – This is the common term used to describe a malicious hacker. Crackers get into all kinds of mischief, including breaking or “cracking” copy protection on software programs, breaking into systems and causing harm, changing data, or stealing. Hackers regard crackers as a less educated group of individuals that cannot truly create their own work, and simply steal other people’s work to cause mischief, or for personal gain.

Hacker – This is someone that seeks to understand computer, phone or other systems strictly for the satisfaction of having that knowledge. Hackers wonder how things work, and have an incredible curiosity. Hackers will sometimes do questionable legal things, such as breaking into systems, but they generally will not cause harm once they break in. Geek.com forums

As you can see, there is a great difference between hackers and crackers. Hackers want to learn. Crackers want to cause mischief and do — illegal things. I’m a hacker, but, I’m definitely not a cracker.

Given what they did to my web server, they were no hackers. In fact, they weren’t even very credible crackers. The crackers could have caused all kinds of mischief but they limited their activity to defacement. Simply put, the crackers replaced any index.html pages with their own crappy looking and mildly amusing announcement. Yeah, real earth-shaking, society impacting stuff. They are trying to break the interwebs!

Screenshot of fuqd.at landing page (restored)
Screenshot of fuqd.at landing page (restored)

My original index.html landing page was a fairly innocuous, totally inoffensive, and by no stretch of the imagination — a work of art. But, I did like it. It served its purpose.

The other thing was that there was no backup so I had to basically recreate it from scratch. Not happy, Jan!

It wasn’t too much of a drama as it was always meant to be a very simple landing page. See the restored version of fuqd.at here if you’re even mildly curious.

I’ve since rectified that little mistake. There’s now a spare landing page on the server just in case it happens again. Fingers crossed it won’t.

Still, I was more infuriated at myself after seeing my website defaced. It’s my fault as I’ve neglected updating software as I’ve been hugely busy with Uni.

Lessons learned on two counts. One: always take five minutes to update my CMS and the server software. Two, have backups of these simple landing pages to save an hour out of my busy Uni and work schedule. 🙂

What does it look like to be Hacked?

Screenshot of hacked home page
Screenshot of hacked home page

It’s not very fancy really. Some bozo decided he’d add his crap little announcement and bugger up my website. Why? I have no idea. I don’t run anti-Islamic content. As a matter of fact, I don’t run any (pro or con) religious content at all.

Check it out. You can see his “art” in all its glory. Pretty crap hey? No  need to answer that, it was rhetorical. 😉

Cracked by a script kiddie with no real skills

A bit of digging on the net turned up some information. Apparently, a WordPress Vulnerability CSS Code Execution May Be Vehicle for Muslim Hacker Attacks. Now, there actually is no guarantee they are Muslim even though they purport to be and to me, that’s not really relevant.

What is relevant however is that it’s been reported that:

The server itself was not compromised and the attack was not on a server vulnerability but, instead, on a vulnerability of the content management system,” Arvig senior manager of IT Shaun Carlson told the WHIR in an email. “This could have happened no matter who was hosting the site. Lisa Green – Arvig Communications

Script kiddies! Upto mischief!

Now, I also couldn’t find anything in the server logs indicating anything other than replacing index.html pages with their pathetic and stupid little ‘announcement’. So one can only presume that these script kiddies found a fault in WordPress and exploited it.

WordPress also had some security updates so hopefully, the bug has been squished. Time will tell. If you’re running a WordPress site, please immediately update your software.

Anyway, fuqd.at is now back online and no great harm seems to have been done.

 

G'Day! Feel free to leave a Reply