Welcome Back – We were Hacked

Happy Hotelier has been hacked.

They call it a “Deface Hack”. It means that in one way or another the perpetrator got access to my ISP account and replaced the landing page of this blog by the following notice:

Thehacker
0wn3d !

You can imagine I was furious and got more worked up when my service provider didn’t deem it serious enough to answer my calls.

I noticed it at about 23.00 (11.00 pm) last night and concluded it had happened at around 20.00 hr (8.00 pm) last night.

I couldn’t get access to my FTP client on their server, but I noticed I had access to my other blog. Also I had access to my .htaccess file. So I redirected both blogs that were hacked to a post at Chairblog EU:

Hacked-Post-on-Chairblog

At around 10.00 am today I got an e-mail from my ISP that they had solved the matter. They had closed down the FTP access to all my accounts until they had solved the matter.

Due to other business it was only about 01.30 pm today that I was able to reset the redirections.

Luckily the site seems in order again and nothing lost.

Now I’m going to update that post on Chair Blog ….

Also I have rebuild both sitemaps as yesterday’s sitemaps were erroneous

But all in all I’m not satisfied with the isp who claims > 99 % accessibility…..

Last edited by Happy Hotelier on January 5, 2010 at 2:07 pm

8 thoughts on “Welcome Back – We were Hacked”

  1. I hope they at least could provide some information on the point of entry (like, did they note in the log files that there was a ton of password attempts implying that someone attempted a brute force password guess on your FTP login or something.)

    If it’s a vulnerability in the web server they run, that’s going to be more serious.

    Sounds like a rough way to start the year but I look forward to more awesome posts as January gets started. 🙂

  2. From what I know now it seems there is or was a vulnerability in their server…have been trying to speak to the guys, but they dodged me. Am still very unhappy about this.

    Saw your post about your cab accident…there is always worse than just a hack. Hope you don’t get permanent complaints. It seems my wife is now suffering from symptoms of a car accident over 30 years ago or from a tobaggon accident some 20 years ago….Good Health in 2010!

  3. Between you and me (and whoever reads these comments :)) – that’s kind of frightening. It sounds like this was a typical ‘grey hat’ hack where someone wasn’t trying to gather some secret information to steal it or destroy it, just to show it was hackable and prod the admins to do something about it. I’d give 50/50 odds that the admins were running an older version or something and were caught by a known vulnerability that a hacker’s script caught and exploited as it scanned the Internet.

    As for the accident, I feel some residual neck weirdness but I keep telling myself it could have been worse. Sorry to hear about your wife, is there anything that she’s finding useful -like acupuncture? I find most American doctors simply prescribe pain killers and muscle relaxers and hope the body just takes care of it.

    Also, I wish I had more advice on your web design, I firmly believe that even if you are a techie geek, it requires a certain artistic flair that I simply don’t have 🙁

  4. @Matt
    Just last night there was a second hacker intrusion that succeeded. It appears all pages that have index in their name were replaced with a hacked page. It was a scripted deploy the ISP claims. No password deployment. No further damage (yet?)…

    ISP blames the co-location guys who didn’t keep up with the patches…Always easy to blame someone else…

    As to the neck: Wife has a chiropractor working on her neck. Chiropractor says her case worsened after years of neglecting the symptoms and now she has two cervicals with tear. Also we have a lady friend with the same sort of neck problems after the rascal fell flat on her back while playing in a game of lady soccer a year ago. She is from San Diego and commutes between there and here. Occasional dizziness and problems with focusing when reading.

    So just a friendly warning not to let it go.

  5. Yeah, some hacker has a script running that is scanning huge chunks of the Net and if it finds a opening, just goes in and replaces stuff. Annoying, but it’s called ‘grey hat’ since they aren’t actually maliciously trying to destroy anything or use information for theft or blackmail, which would be ‘black hat’ 🙂 Whoever is in charge of keeping the patches up to date should get written up or fired – let me tell ya.

    Yeah, I haven’t had much luck with chiropractors although the rest of my family does. Acupuncture, however, I usually see instant improvement so that’s on the roadmap, but it’s tough now that we are trying to get our finances back in order and I feel mostly ok to not procrastinate. I *know* it’s the right thing to do, though.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.