The web sites of more than a whopping 200 Australian organisations were hijacked and vandalised in a spate of hacks last week.
In the largest single attack, a hacker gained administrative access to the Direct Admin server management system used by a hosting provider, which Computerworld Australia will not name, and suspended 159 accounts, rendering their web sites inaccessible to the public.
The suspension notification page was then defaced with the hacker’s moniker and religious propaganda.
The hack was launched through a flaw created after an automatic patch of the admin system failed to complete.
The hosting provider noticed the vulnerability a few hours after the update failed, and conducted a manual patch to bring the web sites back online and remove the defacements.
The company also changed the compromised master passwords for the Direct Admin system.
A manager at the hosting provider said it was the first time the automatic update had failed.
“Make sure your updates are done, even if they are automatic,” he said, adding that a single server in the hosting provider’s data centre blocks more than 25,000 spam e-mails an hour.
“If you do get breached, make sure you change your master passwords.”
The cause of the patch failure was unknown at the time of writing, but the manager said the company’s technical support staff were conducting forensic tests.
“Problems like these get flagged in a message that is sent off to the techs. But the update failure could have happened at 2am, Friday night — we are looking into it,” he said.
He suspects the flaw was internal, and praised the functionality of the Direct Admin system.
The web sites of the affected customers were not compromised past the suspension page, the manager said.
The attack followed a series of defacements of some 50 Australian web sites about 48 hours earlier, in which unauthorised text pages were injected into the sites through a suspected SQL injection attack.