Sunday, August 31, 2008

My Site Was Hacked!!


I had just invited someone to look at my site and they responded by asking me what kind of site it was. I asked them if they saw the pictures I had on it and they said all they could see was a Turkish flag waving and a picture of a baby in a crib with a gold-colored balloon on it. So I checked and sure enough it was there. On it was the description "HACKED BY iskorpitx (Turkish Hacker)". One can imagine my embarrassment when this came about. Here I am showing off the work of someone else.


In a way I was glad it happened to this site in particular. For the most part, it was my personal website and I am still trying to figure out what I'll do with it. Truth be told, there were a few vulnerabilities with Joomla that made the attack possible. First there is a known security issue with Joomla. Apparently, there is the default admin user ID named admin. You do get to select your own user ID when Joomla is being installed but for the most part, most users keep the default. What I found on the site was a file named abc.php. When I pointed to the file, I got an application suite that apparently could run on my site showing all files, all folders, and could even query the database. Using admin as the user name, the hacker was able to somehow change the super administrator password which allowed him/her to go into the site and make changes to the front page. In a panic, I decided that, to ensure that the site was problem free, I would simply reload the entire install. I dumped all the tables, all files, pretty much everything and started totally from scratch. Well, this was a little extreme, as I later found out. First of all, I could've recovered the password. This would've given me the ability to regain control of the site. Purely for the purpose of ensuring that the site was secure (I think), I decided to redo it from scratch.

Since I found the abc.php file, I made sure that the directory structure could not be easily accessed, by applying the right permissions to it. That way it would've been harder to put that file on it. Then I reinstalled the entire application from scratch. Fortunately I didn't have too much content so I was able to get things going quickly. However, it was a great pain.

The thing had me wondering if I had made the right choice in choosing Joomla. What brought me a little comfort was the fact that Joomla.org, the parent site of Joomla!, was itself hacked. The other thing reminded me of Microsoft products. They are the most hacked, the most attacked, the ones most likely to have viruses. That is because of their popularity and ubiquity. I guess Joomla is heading in that direction. It's very easy to work with and you can do whatever you wish on the web with it. The best part is that it's all free, being OpenSource. The folks involved with it have recently formed a security team which would be looking at issues regarding it. So far they've been pretty good. One of the problems with OpenSource is that there's no one to simply call for support. However, there are the boards where you can find a lot of answers. In fact, joomla.org has a very good board with lots of answers to almost every issue. Thing is, security is a very interesting one and you really have to be careful how you describe handling it. Hackers are really the only ones reading the manuals to the max. They look for vulnerabilities themselves. It's what makes them thrive.
Anyway, I'm working on getting this thing up again soon. I'll post what I learned next.
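
The two findings described above, a stray file like abc.php in the web root and directory permissions that made it easy to drop it there, can be checked for automatically. The following is an added example, not code from the original post; the known-good file list, the sample directory tree and all function names are assumptions made for illustration.

```python
import os
import stat
import tempfile

PHP_EXTS = (".php", ".phtml", ".php5")

def audit_webroot(root, known_files):
    """Return (unexpected_scripts, world_writable) as sorted relative paths.

    known_files: relative paths taken from a trusted copy of the install
    (assumption: the original package listing is available for comparison).
    """
    unexpected, writable = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # mode bits on a symlink are not meaningful
            if st.st_mode & stat.S_IWOTH:
                writable.append(rel)  # any local user can write here
            if (stat.S_ISREG(st.st_mode) and name.lower().endswith(PHP_EXTS)
                    and rel not in known_files):
                unexpected.append(rel)  # script that the install never shipped
    return sorted(unexpected), sorted(writable)

def build_sample_site(root):
    """Constructed sample tree standing in for a small CMS install."""
    layout = ["index.php", "configuration.php",
              "images/logo.png", "images/abc.php"]
    for rel in layout:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample")
        os.chmod(path, 0o644)
    os.chmod(os.path.join(root, "images"), 0o777)  # the weak setting
    return {"index.php", "configuration.php", "images/logo.png"}

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        return audit_webroot(root, build_sample_site(root))

if __name__ == "__main__":
    scripts, writable = run_demo()
    print("PHP files not in the known-good list:", scripts)
    print("World-writable paths:", writable)
```

Run against a real site, the known-good list would come from a fresh download of the same release, and anything reported deserves a manual look before deletion.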
