Website Defacement

Website Defacement

  • Website defacement is an attack on a website that changes the visual appearance of the site or a web-page. These are typically the work of defacers, who break into a web server and replace the hosted website with one of their own.
  • One fine morning the IT Head of a manufacturing company received a call from the CEO of the company. He was asked to check the company website since the CEO had received call from one of the clients mentioning that the company website appears to be hacked and is showing some defamatory message.

Below is the home page of one of the hacked website.

  • IT head quickly checked the website and asked ANA Cyber Forensics Pvt. Ltd. for assistance.
  • Computer Hacking Forensic Investigator (CHFI) from ANA Cyber team was quick enough to reach the vendor location and take the control of the situation. During investigation, it was found that the hacker had uploaded his own web pages on the website and renamed the actual pages.
  • The modus operandi was uploading a shell and taking control of the website.
  • Shell uploading is one of the most major attacks we can find on a web application. Once an attacker is able to upload his shell he can get complete access to the application as well as database.
  • Shell is uploaded commonly from web-pages that contain options to upload images/documents/pdf etc.
  • The investigator quickly restored the pages to prevent further damage but kept looking for more. It was found that few more back-doors were created which could have enabled the hacker to re-enter the web-server again in future. They all were successfully quarantined and security was beefed up. In this process it was discovered that the back-doors were placed on the website since a long period time and was been monitored by the hackers.
  • Certified Ethical Hackers from ANA Cyber Forensics Pvt. Ltd. conducted an in-depth VAPT of the website which disclosed vulnerabilities in the application hosted on the server and provided solution to patch the same.

Leave a Reply