Home / Defacement / IT focused College website defaced!
passwords hacked

IT focused College website defaced!


Even website of a School that is more into Information Technology is a no exception to local hackers.

The official website of BestLink College of the Philippines gets a grey background and a fancy anonymous logo on screen after it is hacked by a local hacker.


A message from the hacker can be read, “  Your website have a weak security.In order to protect your website for the future attacks,improve your website security because you have too many bugs and vulnerabilities.But don’t be worry because NO FILES DELETED on this attack. Your website have a weak security.In order to protect your website forthe future attacks,improve your website security because you have toomany bugs and vulnerabilities.But don’t be worry because NO FILES DELETED on this attack.”

As I investigate the website, it is powered by WordPress, the world’s most popular content management system.

Even if the site is up to date, running version 3.5.1 it does not stop the hacker. May be it could be a plugin issue or the host where the site is built (symlinked).

The defacement is not new to Google search, the engine shows that the website is also hacked back April 17 and was posted in Hackforums, where the thread author claimed he successfully shelled the website.

More of the investigation, right-clicking on the deface website does not work. A pop up shows “beware bla bla ,” so what I did is to save the file and view it locally.

The culprit appears to be Mrose, that is based on source file.

mrose source code

As of writing, the website is still defaced.

www.bcp.edu.ph –> The BESTLiNK College of the Philippines is committed to further advance of the competency and skills of the Filipino youth by providing all the necessary tools, equipments, and techniques in teaching. BESTLiNK has also the advance and state of the art facilities to make the students more productive and knowledgeable in the advance world of IT today.

 

 

About Clifford Trigo

I am Clifford Trigo a proud Boholano / Pinoy / Filipino Web App Security Researcher. Day by day, I'm learning new things :)) Visit my Hackerone Profile, currently at top 2 overall :D