The Whir Temporarily falls to Hackers

2008-06-30T12:35:00-04:00

When will it end? Even secure and notable websites such as thewhir.com can be vulnerable to hackers nowadays. As of 3:30 PM Central Time, clicking any link at the popular web resource site, will get you a quick redirect to www.jukez.com and lots of headaches for visitors.

Evan Kamlet, www.Host4Yourself.com says it is possibly an SQL injection and cleaning up this problem is limited to only a few options.

Kamlet says "It is most likely an insecure script and if luck is on your side, no root access was gained. First, disable the web service and any database servers and do some forensics. It is important to first plug the hole.
Search logs for strange SQL following a GET request: index.php?page=1;UNION%20INSERT.. etc. UNION, INSERT, DELETE SQL commands generally should not be showing up in your GET requests.

Then, restore from a backup or do a mass find and replace within your database only once you are SURE you found the entrance point.. Obviously, there can be other causes of these defacements such as shell commands being executed in a similar manner in order to rewrite scripts, create SQL injections, or to invoke code injections into the scripts themselves."

Sharon Koifman, VP Marketing for Applicure considers "It's related to the fact that hosting companies don't really protect individual applications and Individual shared hosting clients. The only way to prevent something like this from happening is to change the standard of the entire industry security on the application level."

http://www.gawkwire.com/technology/the_whir_falls_to_hackers.html

Gawkwire: Web Hosting and Internet News Resource

The Whir Temporarily falls to Hackers