I am an avid comic reader. I have been reading comics since I was a little boy. I started with web comics in 2003. I have never missed a day since then. Any day that I miss reading the comics, I make it up. Sometimes, I might not have a chance to read them for up to 2 weeks depending on my engagements, but recently, I always have time for them.
I came back from church today (12-May-2013), opened my laptop and engaged my list of web comics. Cyanide & Happiness was not available. What could the problem be? They had been hacked. Which kind of sick bastard hacks the website of a web comic? Really? What type of publicity stunt is that?
The horde of Cyanide & Happiness readers has flocked to their Facebook page reporting the hack. The page should be restored in no time.
How to ward off hackers
If you run a website, how can you prevent this from happening to you? Or remedy it quickly, if it does happen? I will reveal a particular set of activities I perform on my sites. My major activities include:
Monitoring my sites as close to real time as possible.
Ensuring I am using the proper file permissions across installations.
Using the latest security plugins.
Monitoring the content generated by users of the sites. Sometimes, malicious links can be sent in through comments.
I run a number of websites, and I mostly used WordPress. It is fast and very easy to use and there are a ton of plugins available to enhance your site. One plugin I always install (and believe should be a part of WordPress core) is Better WP Security.
Several times, I have benefited from using the plugin. Today, once more, I benefited from using it. There is a massive attack on WordPress sites now, and every webmaster using this blogging tool needs to step up their game, especially where security is concerned.
I suddenly noticed a spike in my unread email count – from 4 to 85 within a minute and I realised that one of my sites was under attack again.
I checked my email and I saw this:
These are the alert emails sent by Better WP Security when it fends off an attack. The Lagos Scholarship board website was under attack. This wasn't a DOS (Denial of Service); this was a scripted attack from a single computer. Probably a script kiddie using automated tools. An example of one of the emails is shown below:
The script attempts to use several SQL injection variants to gain access to the site. Lucky for me, Better WP Security was on hand to fend them off. The first time I noticed attacks of this nature, I could count 76 different trials; now the number has risen to over 180. Maybe one day, one of them will succeed. Maybe not. Hopefully, not! But we wait and see.
Whenever I notice these emails, I open up the site immediately and keep checking to know if any attack is successful. I go through my file permissions and my core files. I check for changes. Still, I am safe, for now.
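The manual check described above (going through file permissions and core files and looking for changes) can be scripted. The following is an added example, not part of the original post and not code from Better WP Security: it records a SHA-256 digest and permission bits for every file under a site root, then reports drift against that baseline. The file names and contents in `demo` are constructed sample data standing in for a WordPress tree.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each file's relative path to (SHA-256 hex digest, permission bits)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):  # regular files only; never follow symlinks
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                mode = stat.S_IMODE(os.lstat(path).st_mode)
                snap[os.path.relpath(path, root)] = (digest, mode)
    return snap

def compare(baseline, current):
    """Return (path, finding) pairs, sorted by path; a content change outranks a mode change."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if new is None:
            findings.append((path, "removed"))
        elif old is None:
            findings.append((path, "added"))
        elif old != new:
            what = "content changed" if old[0] != new[0] else "mode changed"
            findings.append((path, what))
        if new and new[1] & stat.S_IWOTH:  # any user on the host can modify it
            findings.append((path, "world-writable"))
    return findings

def write(root, rel, body, mode=0o644):  # helper for the constructed sample tree
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(body)
    os.chmod(path, mode)

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed stand-in for a site root
        write(root, "wp-config.php", b"<?php // constructed config\n")
        write(root, "wp-includes/version.php", b"<?php // constructed core file\n")
        baseline = snapshot(root)                 # taken while the site is known good
        write(root, "wp-includes/version.php", b"<?php // edited\n")  # core file edited
        write(root, "wp-includes/extra.php", b"<?php // new\n")       # unexpected file
        os.chmod(os.path.join(root, "wp-config.php"), 0o666)          # permissions loosened
        return compare(baseline, snapshot(root))
```

For the check to mean anything, the baseline has to be stored somewhere the web server account cannot write to.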
A couple of days back, I saw an article about theNetNG, google it here.
Yesterday, our primary domain www.thenetng.com was compromised by internet hackers, who criminally gained access to our servers and illegally took possession of our identity.
We are convinced this is a calculated attack by detractors to unsettle and distract us, knowing our third anniversary (April 26) is just around the corner, as well as the inaugural Nigerian Entertainment Conference holding next Friday.
This incident occurred in the early morning of Thursday April 18, and the hijackers immediately followed up with an email, announcing their operation and demanding $1,200 ransom to reclaim our property. They have since sent other emails, and made fresh requests, which we are reviewing with our lawyers, registrars and IT team.
It is the first time since we registered the domain in 2009, that such security breach would occur. And even though we considered our readers, advertisers and partners, our management took a firm decision not to engage with the criminals.
After careful considerations, we decided yesterday, that we will not be negotiating with the hijackers, that we will not bow to these cheap internet terrorists. And we will definitely not be paying the requested ransom money ($900 as at their last email).
As a web developer (and hacker of some sorts), this information presented a scenario that a typical Nigerian would describe as having a “k-leg”. I decided to review and see if I could figure out what happened.
First, a hacker cannot just take over your domain. Hosting files, yes, domain no. I am not saying it isn't possible, but it isn't common. The only way you can lose your domain in this kind of attack (if that is your lingo of preference) is if you do not renew it. I checked the whois information and the domain history.
The domain was registered on September 14, 2009, which means it expires (should be renewed) September 14 every year. The article made a reference to April 2013. The last update date was May 3 2013. That is a six month difference between the supposed last expiration date and the “hijack” date. Domains usually have a 90-day period between their expiration and availability to the general populace. Source: http://whois.ws/whois/thenetng.com
The domain history shows the previous and current registrars of the domain. http://whois.ws/domain-history/thenetng.com. It was previously managed by AntiGravity. My suspicion is that there was a fallout between theNetNG and AntiGravity, leading to the non-renewal of the domain. The domain was promptly hijacked.
A fallout (likely), a loss of the domain by AntiGravity? (I don’t think so). Checking the screenshot history of the site using the Wayback Machine showed that after 2009, AntiGravity was no longer the designer/developer of the website. It had been transferred to Unstoppables International.