Home > SWS Blog > Hackers Among Us
Hackers Are Among Us

Hackers Among Us

So far in October, we have had five websites hacked, plus two major attacks targeting some of the commercial software applications we use daily at Simply Web Services. And one email password was compromised.

All the attacks this month were exploits of previously unknown vulnerabilities (referred to as Zero-Day attacks).

Let’s start with the website defacement attacks. Started on the 15th and continued to the 18th. The first attack was stopped and cleaned up in a few hours. We investigated but couldn’t find anything indicating anything other than a weak password on the user’s account. We changed it and instructed the user to set a password they could remember but that was hard to guess. The very next day, the same user’s email account was hacked. We immediately changed the password and asked the client to contact us ASAP to ensure they didn’t change the password we reset the day before back to its original value. Later that day, four other websites were defaced, displaying the exact same defacement as the day before. We discovered three of them before the clients did. We quickly archived the hack, restored the sites, and started our investigation. We discovered a previously unknown vulnerability in a commercial application we use on older HTML websites. We contacted the vendor and worked with them overnight to patch the application.

About The Defacement
Here is a screenshot of the lovely website defacement the hackers were using. They would replace the website’s homepage with this page. The screenshot doesn’t do it much justice; the lightning bolts were animated, flashing every few seconds.

Defaced Website

And in the background at full volume was “The Game / 50 Cent – This is how we do it” {Warning – Vulgar Language}

It was very annoying to say the least

Saturday night, we received an urgent notice that the software we use for web hosting, billing, and support ticketing had been compromised. Not our installation itself, but the vendor had received word that a previously unknown vulnerability had been exploited and that all versions of the software were vulnerable. So we immediately took our installation offline and waited until the patch was released. By 6 a.m. the next morning, we had a patch in hand, and our installation was back up and running. Please note that our installation was not hacked, and there was no personal or credit card data from our database released. It is also important to understand that we do not store credit card information on our servers. We have always taken the safe approach of having the credit card gateway handle credit cards, so we would never have to worry about that liability.

Have Questions?

Is Your Website At Risk?

Contact Us
First
Last