Tiresome security vulnerabilities and wannabe l33t h4ckerz

Posted on by

The 11112018 organisation web site got hacked last week.  Some child replaced the site with a pro-Islamic page that boasted of their l33t h4ck1ng skillz and claiming to be an Afghanistani member of a hacker team:

Screenshot of the hacked 11112018 web site

Hacked 11112018 web site

Meh.  The page was the sort of thing one saw on bulletin boards back in the early 1990s with a link to an (uncredited) image of a Moslem knight.

It is a shame that in doing so, they trashed the 11112018 anti-war web site. How to make friends and influence people, not.

They managed to do so because I had not applied an update to the Drupal web content management software I was using; the version had a security vulnerability this person took advantage of.  A quick Google search shows they have uploaded identical content to over 700 web sites.

What amazes me is the poor quality of their work.  The HTML is full of stupid errors that shows the child responsible did a simple cut ‘n’ paste of downloaded code into existing HTML without knowing what they were doing.  It also includes embedded JavaScript, some of which does not execute at all because it is incorrectly implemented.  The layout of the HTML also demonstrates a total lack of understanding of what they were doing.

This is the technology equivalent of putting sugar in someone’s petrol tank or letting their tyres down.

(But they were unwise to leave log file traces, names, IP addresses, traceable script and a trail of identical destruction to other web sites online.)

My To Do List for June included replacing Drupal with something else and putting up a load of content onto the 11112018 organisation site.  Well, now it seems I’ll be replacing the site completely.  Time that would have been spent working on peace studies and pro-peace activity.  But now with slightly less motivation than I had before.

Although I could claim “Hey, I’ve arrived!  A pro-Islamist activist group have targeted my peace web site for taking down and replaced it with their messages of hate!”  But the reality is they have an automated script that just trawls the domain lists for sites due for renewal and searches for this specific vulnerability, then automatically applies their—rather awful—content.

They have just as mindlessly replaced a web site for childcare and a children’s skateboard park web site.

It’s just the same childish, mindless vandalism as spraying swastikas on bus shelters.

I am so disappointed.

Leave a Reply

Your email address will not be published. Required fields are marked *