Multiple sites of mine were hacked

Posted by steve | General Commentary | Monday 4 May 2009 2:59 pm

We’re still working on how this happened, and I have notified the web host, but we discovered today that a number of my domains were hacked. It didn’t show up with Firefox but did with Safari. We don’t use IE around here.

This is what people saw when they logged onto the sites.

[Image: Hacked Site Warning]

The hack was that a JavaScript was appended to the end of the index.html file, beyond the closing HTML tag. I’m guessing that Firefox stopped processing the file when it saw the HTML closure tag and therefore it “missed” the hacked script.

It’s interesting since the hack appears to have only modified the index.html files to include the script to generate the above warning. I noticed that the script was encoded to not reveal what it was really doing. Also, the link goes somewhere pretty suspicious even though it mentioned Google in the preceding text. Tricky.
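
A defensive check for the tampering described above (a script appended after the closing HTML tag of index.html files), added here as an example and not taken from the original post. The function names, the `index.htm*` file pattern and the sample pages are assumptions for illustration, and the encoded-payload markers are heuristics only.

```python
import re
import sys
from pathlib import Path
from typing import Optional

CLOSE_HTML = re.compile(rb"</html\s*>", re.IGNORECASE)
SCRIPT_TAG = re.compile(rb"<script\b", re.IGNORECASE)
# Heuristic markers of an encoded payload; absence does not prove a file is clean.
ENCODED = re.compile(rb"\b(eval|unescape|fromCharCode|document\.write)\s*\(", re.IGNORECASE)

# Constructed samples, not taken from the affected sites.
CLEAN = b"<html><body>Welcome</body></html>\n"
TAMPERED = CLEAN + b"<script>document.write(unescape('%3C%21--%20--%3E'))</script>\n"


def trailing_content(data: bytes) -> bytes:
    """Return the bytes after the last closing </html> tag, whitespace-stripped."""
    matches = list(CLOSE_HTML.finditer(data))
    if not matches:
        return b""  # no closing tag at all: nothing to compare against
    return data[matches[-1].end():].strip()


def inspect(data: bytes) -> Optional[dict]:
    """Describe anything found after </html>, or return None if nothing is there."""
    tail = trailing_content(data)
    if not tail:
        return None
    return {
        "tail_bytes": len(tail),
        "has_script": bool(SCRIPT_TAG.search(tail)),
        "looks_encoded": bool(ENCODED.search(tail)),
    }


def scan(webroot: str, pattern: str = "index.htm*") -> dict:
    """Check every matching file under webroot; return {path: finding}."""
    findings = {}
    for path in sorted(Path(webroot).rglob(pattern)):
        if path.is_file():
            result = inspect(path.read_bytes())
            if result:
                findings[str(path)] = result
    return findings


if __name__ == "__main__":
    for name, finding in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, finding)
```

A finding with `has_script` false can be a harmless trailing comment added by a tool; a script after `</html>` in a file you did not edit should be compared against a known-good copy.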

There are only 3 people that know the low-level password for our domains and we’ll be changing that real-soon-now. I’m thinking that the password was accidentally picked up from someone’s computer, perhaps even in an attachment in the ever not so private e-mail system that people use.

NOTE: Sending critical information by unencrypted email is dumb. You might as well write it on a postcard and drop it in a public mailbox.

Not every site was hit. Sites that were hacked include: