Heroic Hacker Defense

Last night I got an email regarding the Freedom Farm website I created and host:

“Hi Ben, I just tried looking at the FF website and I got a turkish anthem popping up. It was so strange. Is it my computer?”

Hoping it was her computer but dreading the worst, I loaded the site. Here’s what appeared:

picture-1.jpg

Woah. Immediately I could see that I got hacked. The perpetrator was a Turkish extremist group, and later down the page it said:

picture-2.jpg

Apparently our humble Freedom Farm site met their criteria for being “Anti-Turk, Anti-Islam, Satanist, and pornographic”. Sweet.

Well, I called the company I host with, and they were pretty unhelpful other than to tell me to check my permissions and that this kind of thing happens all the time with Joomla/CMS setups. So I was left to figure out exactly what the hackers had done and how to fix it.

The first thing I did was to use a backup to see if any of the files in the site directory had been changed. There are thousands of files in this directory, so it took a while and I didn’t find anything. Then I ssh’d into my account and used the “find” command to check modification times in the past two weeks for all files. While doing this, I found a few thousand files in ANOTHER site’s directory that I hadn’t put there! I was being hacked by two different people at the same time!

After three hours of troubleshooting and testing, I found the following:

1) The Turkish hackers had probably used a clever search query or other vulnerability in Joomla’s install to somehow gain access to the configuration part of the Freedom Farm site. Then they changed the template file to their own code (source code here). That was it. Nothing major really, and no permanent damage done. I replaced the files from the backup and it was fixed. It’s just a bit unnerving that someone can do this!

2) Hacker #2 had used a flaw in my PHP code (an include statement) to upload thousands of files to my server. I fixed this flaw and deleted the unwanted files. Again, no major damage done and not that hard to fix. I had run into this problem before but never knew the extent to which it could be exploited. Hopefully, I have fixed it permanently.

My hacker defense was actually sort of fun. It gave me something to do (even though I was up until 3 AM) and really tested my own skills. If this kind of thing happens again, I’ll be able to fix it much faster.

I thumb my nose at you, Turkish hackers! Pbbbbtttt!
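The backup comparison and the two-week modification-time check described in the post, written out as an added example that is not part of the original post; the function names and the sample tree are constructed for illustration. Modification times can be reset by whoever wrote the files, so the content comparison against the backup is the check to rely on.

```shell
#!/bin/sh
# Added example: triage helpers for a web root after a suspected compromise.
# Function names and the sample layout are assumptions, not from the post.

# List regular files under $1 modified within the last $2 days (default 14).
# Quick first pass only: mtimes can be forged with touch.
recent_changes() {
    find "$1" -type f -mtime "-${2:-14}" -print | sort
}

# Compare live tree $1 against known-good backup $2 by content.
# Prints "ADDED <path>" for files the backup never had (uploaded files)
# and "CHANGED <path>" for files that differ (e.g. a replaced template).
diff_against_backup() {
    live=$1
    backup=$2
    (cd "$live" && find . -type f -print | sort) | while IFS= read -r rel; do
        if [ ! -f "$backup/$rel" ]; then
            printf 'ADDED %s\n' "$rel"
        elif ! cmp -s "$live/$rel" "$backup/$rel"; then
            printf 'CHANGED %s\n' "$rel"
        fi
    done
}

# Build a small constructed sample: one replaced template, one untouched
# file with an old mtime, one file that exists only in the live tree.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/live/templates" "$root/backup/templates"
    echo '<?php echo "home"; ?>'    > "$root/backup/templates/index.php"
    echo '<?php echo "defaced"; ?>' > "$root/live/templates/index.php"
    echo 'body{}' > "$root/backup/style.css"
    cp "$root/backup/style.css" "$root/live/style.css"
    touch -t 200001010000 "$root/live/style.css"   # untouched, old mtime
    echo 'x' > "$root/live/dropped.php"            # not in the backup
    echo "$root"
}

# Typical use on a real site (paths are placeholders):
#   recent_changes /path/to/site 14
#   diff_against_backup /path/to/site /path/to/backup
```

Run `diff_against_backup` over every site directory on the account, not only the one that was visibly defaced, since the second intrusion in the post was found in a different site's directory.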

  1. Hacked again today, hopefully fixed it again 🙂
