Anchor site hacked

Forums › Off topic › Anchor site hacked

tardtasticx

3075 posts

Uber Geek

#151845 7-Sep-2014 18:53

A friend sent me the link to the Anchor site (the milk company...) saying she needed to email them.

http://www.anchor.co.nz/

Anyone heard of them? I gotta say it's kinda creepy the mask. lol

And why Anchor? Someone must really hate Milk I guess

Aaroona

3193 posts

Uber Geek

#1123764 7-Sep-2014 18:55

Haha, definitely a weird website to hack..

Gotta admit, I'm very curious about "hacking" and how they do it.. would be interesting to see some white-hat hacking, see how its done.

mattwnz

20141 posts

Uber Geek

#1123766 7-Sep-2014 18:57

Perhaps using an old version of a CMS which has a security hole. That is a pretty large company though isn't it to be hacked?

mentalinc

3225 posts

Uber Geek

Trusted

#1123767 7-Sep-2014 19:01

What normally happens is they find an exploit, write a script then scan and auto hack any website that has the vulnerability they identified.

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

ZollyMonsta

3009 posts

Uber Geek

ID Verified

Trusted

#1123781 7-Sep-2014 19:35

mentalinc: What normally happens is they find an exploit, write a script then scan and auto hack any website that has the vulnerability they identified.

So, script kiddies?

Check out my LPFM Radio Station at www.thecheese.co.nz - Now on iHeart Radio, TuneIn and Radio Garden

As per the usual std disclaimer.. "All thoughts typed here are my own."

mattwnz

20141 posts

Uber Geek

#1123784 7-Sep-2014 19:46

Just hope they have good backups, as many cheap hosts only do daily backups, so the hacked changes have possibly overwritten the backups by now. Although the website is possibly hosted in house as they are a pretty big company.

Anyone know what the previous site was built on? Wordpress, Joola etc. Old versions of Joomla do seem to be a victim of hackers, and old versions of wordpress have known security holes.

Gilco2

1556 posts

Uber Geek

#1123786 7-Sep-2014 19:49

looks like they are on to it. Just a blank page now

HTPC Intel Pentium G3258 cpu, Gigabyte H97n-wifi motherboard, , 8GB DDR3 ram, onboard graphics. Hauppuage HVR 5500 tuner, Silverstone LC16M case, Windows 10 pro 64 bit using Nextpvr and Kodi

mattwnz

20141 posts

Uber Geek

#1123787 7-Sep-2014 19:51

Gilco2: looks like they are on to it. Just a blank page now

Maybe the host picked it up as a compromised website. Looks like it traces to the webhost domain , sitehost dot co dot nz.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

ZollyMonsta

3009 posts

Uber Geek

ID Verified

Trusted

#1123793 7-Sep-2014 19:59

Backup installed by the looks.

Check out my LPFM Radio Station at www.thecheese.co.nz - Now on iHeart Radio, TuneIn and Radio Garden

As per the usual std disclaimer.. "All thoughts typed here are my own."

Aaroona

3193 posts

Uber Geek

#1123796 7-Sep-2014 20:02

WEbsite is back up now.

AidanS

458 posts

Ultimate Geek

#1123811 7-Sep-2014 20:23

As someone said earlier, most website hacking occurs through an exploit of the website code. Usually forcing admin access (SQLi, or other exploit) to the CMS and then either uploading a malicious file from there which allows the hacker to change files and upload there own files. Or another common method is to socially engineer the website host into giving the hacker access to the server/website.

mattwnz

20141 posts

Uber Geek

#1123910 7-Sep-2014 22:14

Aaroona: WEbsite is back up now.

Yes looks to be, pretty good to get it back up on a Sunday evening.
Anyone know what CMS they are using? Doesn't look to be wordpress or joomla, unless it is heavily cusomtise.

Ragnor

8218 posts

Uber Geek

Trusted

#1124232 8-Sep-2014 12:56

It's wordpress, pretty easy to tell eg:

http://www.anchor.co.nz/wordpress/wp-login.php
http://www.anchor.co.nz/wordpress/

So it was probably the usual old version known exploit thing.

Looks like they have updated to 4.0 so problem should be solved (for now....)
http://www.anchor.co.nz/wordpress/readme.html