Wellington webhoster iServe was the victim of a large-scale hack this weekend, according to Joy Cottle, general manager, who says hundreds of sites were defaced.
Amongst the prominent victims of the hacker were Rodney Hide, ACT member of parliament for Epsom. Hide's site was defaced, with the hacker leaving a message in Turkish. The message is the name of a popular song that is popular in Turkey currently.
Cottle says the hacker is believed to be a Turk, too. The hacker is a prolific one, Cottle says, and in the top 50 worldwide. He specialises in attacking government and political party websites, but his motives for doing this are not known.
The hack was perpetrated through a customer running a vulnerable version of the popular PHPNuke script, Cottle says. By compromising the customer's server, the hacker was able to use a script that went through hosts on iServe's network and defaced the content on webservers there.
It took iServe staff some three hours to notice how widespread the damage was after initial reports from customers and attempts to restore their systems. At that stage, Cottle says iServe decided to restore all customers' data to ensure it was was clean. That process took a further twenty hours, Cottle says, adding that her company is looking at a an additional salary bill for the weekend at over $20,000. Service has been restored for the majority of iServe's customers on Monday, Cottle adds.
To prevent attacks like the above happening again, Cottle says iServe is seriously considering banning scripts like PHPNuke and PHPBBS from its network. These two have a long history of vulnerabilities. Cottle says that iServe has to deal with multiple hack attempts every day, and that it's very difficult to keep on top of the large amount of vulnerabilities that crop up. Hackers are very quick to exploit security holes as soon as they appear, Cottle says.