Anchor site hacked

Forums › Off topic › Anchor site hacked

tardtasticx

3027 posts

Uber Geek

#151845 7-Sep-2014 18:53

A friend sent me the link to the Anchor site (the milk company...) saying she needed to email them.

http://www.anchor.co.nz/

Anyone heard of them? I gotta say it's kinda creepy the mask. lol

And why Anchor? Someone must really hate Milk I guess

Bachelor of Computing Systems (2015)

Late 2013 MacBook Pro with Retina Display (4GB/2.4GHz i5/128GB SSD) - HP DV6 (8GB/2.8GHz i7/120GB SSD + 750GB HDD)
iPhone 6S + (64GB/Gold/Vodafone NZ) - Xperia Z C6603 (16GB/White/Spark NZ)

Sam, Auckland

Aaroona

Human
2992 posts

Uber Geek

Subscriber

#1123764 7-Sep-2014 18:55

Haha, definitely a weird website to hack..

Gotta admit, I'm very curious about "hacking" and how they do it.. would be interesting to see some white-hat hacking, see how its done.

mattwnz

16708 posts

Uber Geek

#1123766 7-Sep-2014 18:57

Perhaps using an old version of a CMS which has a security hole. That is a pretty large company though isn't it to be hacked?

mentalinc

2019 posts

Uber Geek

Trusted

Subscriber

#1123767 7-Sep-2014 19:01

What normally happens is they find an exploit, write a script then scan and auto hack any website that has the vulnerability they identified.

CPU: Intel 3770k| RAM: F3-2400C10D-16GTX G.Skill Trident X |MB: Gigabyte Z77X-UD5H-WB | GFX: GV-N660OC-2GD gv-n660oc-2gd GeForce GTX 660 | Monitor: Qnix 27" 2560x1440

ZollyMonsta

2902 posts

Uber Geek

Trusted

Subscriber

#1123781 7-Sep-2014 19:35

mentalinc: What normally happens is they find an exploit, write a script then scan and auto hack any website that has the vulnerability they identified.

So, script kiddies?

Media DevOps Engineer (TV) @ Vodafone
Check out my LPFM Radio Station at www.thecheese.co.nz

mattwnz

16708 posts

Uber Geek

#1123784 7-Sep-2014 19:46

Just hope they have good backups, as many cheap hosts only do daily backups, so the hacked changes have possibly overwritten the backups by now. Although the website is possibly hosted in house as they are a pretty big company.

Anyone know what the previous site was built on? Wordpress, Joola etc. Old versions of Joomla do seem to be a victim of hackers, and old versions of wordpress have known security holes.

Gilco2

1542 posts

Uber Geek

Subscriber

#1123786 7-Sep-2014 19:49

looks like they are on to it. Just a blank page now

HTPC Intel Pentium G3258 cpu, Gigabyte H97n-wifi motherboard, , 8GB DDR3 ram, onboard graphics. Hauppuage HVR 5500 tuner, Silverstone LC16M case, Windows 10 pro 64 bit using Nextpvr and Kodi

mattwnz

16708 posts

Uber Geek

#1123787 7-Sep-2014 19:51

Gilco2: looks like they are on to it. Just a blank page now

Maybe the host picked it up as a compromised website. Looks like it traces to the webhost domain , sitehost dot co dot nz.

ZollyMonsta

2902 posts

Uber Geek

Trusted

Subscriber

#1123793 7-Sep-2014 19:59

Backup installed by the looks.

Media DevOps Engineer (TV) @ Vodafone
Check out my LPFM Radio Station at www.thecheese.co.nz

Aaroona

Human
2992 posts

Uber Geek

Subscriber

#1123796 7-Sep-2014 20:02

WEbsite is back up now.

AidanS

458 posts

Ultimate Geek

#1123811 7-Sep-2014 20:23

As someone said earlier, most website hacking occurs through an exploit of the website code. Usually forcing admin access (SQLi, or other exploit) to the CMS and then either uploading a malicious file from there which allows the hacker to change files and upload there own files. Or another common method is to socially engineer the website host into giving the hacker access to the server/website.

mattwnz

16708 posts

Uber Geek

#1123910 7-Sep-2014 22:14

Aaroona: WEbsite is back up now.

Yes looks to be, pretty good to get it back up on a Sunday evening.
Anyone know what CMS they are using? Doesn't look to be wordpress or joomla, unless it is heavily cusomtise.

Ragnor

8035 posts

Uber Geek

Trusted

#1124232 8-Sep-2014 12:56

It's wordpress, pretty easy to tell eg:

http://www.anchor.co.nz/wordpress/wp-login.php
http://www.anchor.co.nz/wordpress/

So it was probably the usual old version known exploit thing.

Looks like they have updated to 4.0 so problem should be solved (for now....)
http://www.anchor.co.nz/wordpress/readme.html