Website Got Hacked by chliZAceh!

Jan 142012
 
 Website Got Hacked by chliZAceh!  January 14, 2012  Posted by at 8:15 am Computers, Linux, NerdBox, Politics Tagged with: , ,  Add comments

Hacked By chliZAceh?

You may see chliZAceh calling card when you view your website. Unfortunately this means he has hacked your webserver not you website.

This website was recently hacked  by chliZAceh.   Thanks mate; I appreciate that.

I’ve been trying rying to fix your work in between changing my kids dirty nappies, preparing dinner for my wife when she gets home from work, cleaning up the house and helping other people with their NerdBox issues … so your handiwork is very much appreciated.  Yeah, thanks mate, thanks very much! 

A seemingly nice chap, chliZAceh  at least had the decency to leave the files on the server intact and just inserted a dummy home page which got served up by the webserver instead of my material. Essentially his dummy webpage masked my content.

The articles on this website were still accessible by direct link or search engine.   That was nice of him if I must say and a pleasant surprise considering some hackers are nothing more than vandals who just want to hurt people and upset them for no other motive than self serving satisfaction.  

chliZAceh left my site in a recoverable state.  So thanks for that chliZAceh.  I wish I knew how to pronounce your name.  If I was familiar with Indonesian then I would probably have some idea but unfortunately I’m not fluent in Indonesian so I don’t understand what they were singing about. 

Actually, chliZAceh has a lot of good stuff, tips and tricks, and reviews on his website, but it does not change the fact he hacked mine for no apparent reason.

Hacked Why?

I have no idea why  I was hacked by chliZAceh or why he hacked my web host account at JustHost.com. My web host uses a Linux (or Nix) server so I thought it would be a little more secure that it was. Or, it could just be my lack of security adherence.

chliZAceh appears to be a hacker with a political chip on his shoulder and decided he wanted an innocent person to suffer; thus choosing as well as many others. I can appreciate the principals and the cause he claims to stand for, but there is no way he is going to promote that cause in a sympathetic manner by hacking a blog that has absolutely nothing to do with whatever it is he trying to stand up for.

If a hacker is serious about what whey stand for then they would go after the big worthwhile targets; entities like governments, military organisations or major law enforcement services.  I don’t know how hacking a website that talks about Colemak keyboard layout, typing, computer keyboard switches and meditation exercises will further his cause, but I can assure him, it doesn’t.

Being hacked by chliZAceh doesn’t really make any sense  because I’ve nothing on this site that he would want to protest against; other than some meditation articles. I’m not pro or anti Muslim, and in fact I am sympathetic to the plight of the Palastinians in the Middle East. So, I’m not sure why he singled me out. 

Hacked How? 

chliZAceh appears to have found a vulnerability in WordPress or JustHost webhosts and written a script to exploit that vulnerability (perhaps).  Really, I don’t know how, this is just a guess.  But, he gained access to my site at webhost level effectively bypassing WordPress security.

He has been very busy and by the volume of websites he has hacked it would appear to be automated.  I’m not sure how good he is but there doesn’t seem to be enough hours in the day to hack 95 or 100 websites; so he is obviously using an automated script. 

However, the hack its self is a simple html document called index.htm that gets served up to the web browser before any other requests are processed.   This serves to mask the website from the internet and only shows the html page uploaded by chliZAceh to the web server. 

How to Fix a site hacked by chliZAceh

To fix a website hacked by chliZAceh’s you need to have administrator privilages and log onto your webserver or webmaster admin panel.  The fix is as simple as removing chliZAceh’s index.htm file because this is what is served up to web visitors before your own content.  

You may notice that the file and folder permissions have been changed too.  If you are running on a Linux Apache webserver then these permissions should be 755 for folders and 644 for flies.  

This fix worked for me.  If you find yourself hacked by chliZAceh you should try this fix first.  Although, he may read this post and subsequently change his tactics.  In fact, he may read this post and come back and trash this site

In retrospect being hacked by chliZAceh wasn’t that bad.  I was a pain in the neck but it could have been much worse. 

Try to Have Fun

Try to have fun with this and consider it a learning curve. It was a pain in the neck fixing a site hacked by chliZAceh but it’s not impossible, and relatively easy once you understand how the hack was done.  But, I still can’t figure out why my site was chosen. 

Peter Hallam

Peter Hallam