Mass hacking of South African websites

Surely this is not a Hetzner-only hack event? Why were other ISPs not invited? The examples given are all very similar:

Those IPs are all in one subnet at Hetzner.

You might be right there; from those examples it's probably an attack just on Hetzner. Why those sites are still up with the problem unresolved, I don't know.
 
I've actually come across a few of those (late last week).
It was pretty annoying as, firstly, these companies obviously never check their own websites and, secondly, all the internal links referenced those external sites. Was very difficult to navigate.
 
Surely this is not a Hetzner-only hack event? Why were other ISPs not invited? The examples given are all very similar:

Those IPs are all in one subnet at Hetzner.

In a case like this the hacker does not jump from point A to B on different networks; that would slow him down and is inefficient. He works from a list. The list can be domain names or IP addresses.

Where it is, is incidental. The aim was to quickly find targets and plant links as efficiently as possible. This is a matter of how these guys operate, hacking 101. Based upon what we are seeing here, this is probably how the attack occurred:

Information gathering
  • Get a network range and resolve to host names - many tools/methods out there to accomplish this
  • Scan hosts - to identify what is running, looking for pre-selected clues
  • Filter potential targets - WordPress and Joomla! in this case. Probably a version filter as well ...

Then attempt a hack on the selected targets. Trivially easy. Much of this was probably scripted with the hacker doing something else.

On an aside, my 5c on WordPress: WordPress took a lot of flak for being easily hackable while it is really a certain library used called TimThumb. It's best to avoid this library. To further improve the situation, newer WordPress versions now allow for automatic updates. Just make sure you have regular backups.

Sadly, just like cars and electronics, software also does not last forever and needs constant TLC, especially out there on the web ;)
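
For site owners, the symptom described in this thread (planted links pointing visitors at external sites) can be checked for on your own pages. The following is an added example, not part of the original thread: it lists every link on a page whose host is not your own domain or an approved partner. The domain names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: a page from a site assumed to be www.example.com,
# with two planted links mixed in among legitimate ones.
SAMPLE_HTML = """
<nav><a href="/about">About</a>
<a href="http://cheap-pills.example.net/buy">Products</a>
<a href="https://WWW.example.com/contact">Contact</a>
<a href="//shop.example.com/cart">Shop</a>
<a href="mailto:info@example.com">Mail</a></nav>
<div style="display:none"><a href="http://casino.example.org/">x</a></div>
"""

class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, including ones hidden by CSS."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href.strip())

def _on_site(host, domain):
    # True for the domain itself and any subdomain, but not look-alike suffixes.
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def offsite_links(html, page_url, own_domain, allowed=()):
    """Return sorted http(s) links whose host is neither own_domain nor in allowed."""
    parser = _LinkCollector()
    parser.feed(html)
    flagged = set()
    for href in parser.hrefs:
        absolute = urljoin(page_url, href)  # resolves relative and //host forms
        parts = urlsplit(absolute)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # mailto:, tel:, javascript: and similar are not web links
        if _on_site(parts.hostname, own_domain):
            continue
        if any(_on_site(parts.hostname, a) for a in allowed):
            continue
        flagged.add(absolute)
    return sorted(flagged)

if __name__ == "__main__":
    for link in offsite_links(SAMPLE_HTML, "http://www.example.com/", "example.com"):
        print("off-site:", link)
```

Run it against saved copies of your pages on a schedule and compare the output with the previous run; a link that appears without a corresponding content change is worth investigating.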
 
I've seen some other sites that are not hosted at Hetzner.
 