We were recently the subject of a hack attempt where the perpetrators’ main aim appears to have been to get the site blacklisted in search engines such as Google.
At no time was any user data compromised or accessed.
The site was exploited in a misguided attempt to ‘sandbox’ it. This is a Black Hat Search Engine Optimisation technique.
The exploit script was uploaded to the server through a vulnerability found in a third-party plugin we were using. Once on the server, this file generated dynamic pages that mimicked spam.
Many of the titles were related to copyrighted works and the mostly intelligible text within them referred to methods for obtaining copyrighted materials for free.
The script that had been placed on the server generated just under 100 pages automatically. The suspicious URLs it generated were then listed with Google and other search engines, which would have identified the URLs as spam.
The end result would have been the removal of the website from the search engines.
However, even the Black Hat SEO forums recommend against sandboxing a competitor’s website as it is a very limited and short-term method for wiping out the competition.
Our site was attacked sometime around late afternoon to early evening on Friday 13th May. Two volunteers spotted the attack within a few hours and by Saturday 17th May the website was made inaccessible to users. Our volunteers worked tirelessly around the clock and managed to remove the exploited code on Monday 16th May, but kept the site locked down and inaccessible to carry out additional checks and improvements. The site was made accessible on Thursday 19th May 2016.
Data was held securely with no breaches to user data.
All sites are subject to hack attacks by malicious users where the main focus is usually to infect and spread malware, adware and/or viruses. In other cases it is an attempt to capture personal data.
In this instance, the attack was unusual as it was designed to destroy our listings in the search engines. This type of attack is usually carried out by a competitor who doesn’t mind using Black Hat techniques to remove online competition, or by someone who wishes to restrict access to public information.
We have passed on the exploited file and server logs to various online security experts.