I got hacked

Well, not this site's server, which has never been hacked (not because it's running a secured OpenBSD stack but because it's a small target, and why hack a hacker), but a server hosted with hostgator. I've used hostgator for about 8 years now as they offer very cheap pricing for very large disk space, not the best bandwidth but good cpanel-free linux hosting. I highly recommend them for sites where processing speed isn't as important (which it is on WordPress sites) and where large disk space and long-term stability are important. Aside: I will never ever ever recommend using cpanel.

Got P0wned

The interesting thing is that the one who achieved access, via some clever PHP exploitation of some outdated PHP scripts I had left up, was someone who values knowledge and hacking for the hack value over childish vandalism of technology. I'm not denigrating political hacktivism; I'm all for that. I'm just saying this wasn't an exploit malware farm bot but an actual humanoid.

I know because of how I became aware of the hack: I received an email using PGP from the security researcher, who detailed the vulnerabilities exploited and also left an mp3 file in my root directory. They were anonymized fairly well, but I didn't want to pursue that angle at all due to the polite nature of this user.

I'm all for getting hacked like this, and hacking like this, as much as possible. It may appear on the surface to be a pain, but the net result of this attack is just that my server is now locked down to prevent that specific type of attack from happening again.

MP3 left in root

This hacker left an audio file in my root directory to prove that they attained full 100% ownership and control of my system. They had gained root access after elevating from the initial hack and then used ssh authorized keys to attain full console access without needing the password. It was a nice way to do that, and I enjoyed the unusual act of leaving an mp3, which I don't see often. Much nicer than those stupid txt files that malware bots have been leaving around as much as possible lately, plain text files that contain stupid text like "pro-isis hackers have owned your box" and also "anti-isis hackers have owned your box".. and french hackers, russian hackers, iran hackers, blah blah, so stupid. So old-school, but they don't realize it's oldschool, which is w (lol).
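The persistence step described above (an extra key dropped into authorized_keys once root was obtained) is the kind of thing worth checking for after any compromise. Below is an added example, not code from the post: a POSIX sh audit that lists every authorized_keys file under a filesystem root and reports keys missing from an allowlist of trusted keys; the root path, the allowlist file and its format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Audit every authorized_keys file
# under a filesystem root and report keys that are not on an allowlist.
# Assumptions: ROOT is "/" on a live host or the mount point of an image/backup;
# ALLOWLIST holds trusted keys in sshd's own "type base64 [comment]" form, one
# per line (no standard location exists, so the path is whatever you choose).
# authorized_keys lines may start with options (command="...", from="..."), so
# the parser locates the key-type field and takes the next field as the key.

# Print the path of every existing authorized_keys file for root and /home users.
list_authorized_keys() {
    root="${1:-/}"
    for f in "$root/root/.ssh/authorized_keys" "$root"/home/*/.ssh/authorized_keys; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Print "path<TAB>type<TAB>comment" for every key not on the allowlist.
# Returns 0 when every key is trusted, 1 when anything unexpected was found.
audit_authorized_keys() {
    root="${1:-/}"; allow="${2:-/dev/null}"
    [ -f "$allow" ] || allow=/dev/null        # no allowlist: report every key
    set --
    for f in "$root/root/.ssh/authorized_keys" "$root"/home/*/.ssh/authorized_keys; do
        [ -f "$f" ] && set -- "$@" "$f"
    done
    [ $# -gt 0 ] || return 0                  # nothing to audit
    found=$(awk -v allow="$allow" '
        # first input file is the allowlist: remember each trusted key blob
        FILENAME == allow { if (NF >= 2 && $1 !~ /^#/) ok[$2] = 1; next }
        NF == 0 || /^[[:space:]]*#/ { next }  # blank or comment line
        {
            for (i = 1; i <= NF; i++) if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
            if (i >= NF) { printf "%s\tUNPARSEABLE\t%s\n", FILENAME, $0; next }
            blob = $(i + 1)
            if (blob in ok) next              # trusted key, nothing to report
            c = ""; for (j = i + 2; j <= NF; j++) c = c (c == "" ? "" : " ") $j
            printf "%s\t%s\t%s\n", FILENAME, $i, c
        }' "$allow" "$@")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Run directly as: sh audit_authorized_keys.sh [ROOT] [ALLOWLIST]
if [ $# -gt 0 ]; then
    audit_authorized_keys "$1" "$2"
fi
```

Run it against a mounted backup as well as the live host: a key that is present on the box but absent from the last clean backup is the one to explain.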

I put that mp3 online at http://gator.askapache.com/boom2.mp3. Not sure where it is from, but it reminds me of the audio files commonly embedded in cracking software, such as the one I grabbed out of a key cracker and put up at http://gator.askapache.com/a.mp3, which is actually a very sophisticated and tiny file (I made it large by stream ripping it).

Oh and don't worry about analyzing the boom mp3, I re-encoded it after ripping from a raw stream, so it's not the actual file left in my root.

All Good

Hacking should be like this. Respect for the technology and respect for the team. It's unlikely that one of my servers will be hacked by some autobot exploit farm, but of course it's very likely that a dedicated team or individual can hack into anything that isn't powered off. So I'm glad that this entity had respect and didn't cause me pain :) That all said, this is a rare event for me and was quite fun! In the event of your WordPress site getting hacked, see FAQ: My site was hacked on the WordPress Codex.
