The official website of BestLink College of the Philippines gets a grey background and a fancy anonymous logo on screen after it is hacked by a local hacker.
A message from the hacker can be read, “ Your website have a weak security.In order to protect your website for the future attacks,improve your website security because you have too many bugs and vulnerabilities.But don’t be worry because NO FILES DELETED on this attack. Your website have a weak security.In order to protect your website forthe future attacks,improve your website security because you have toomany bugs and vulnerabilities.But don’t be worry because NO FILES DELETED on this attack.”
As I investigate the website, it is powered by WordPress, the world’s most popular content management system.
Even if the site is up to date, running version 3.5.1 it does not stop the hacker. May be it could be a plugin issue or the host where the site is built (symlinked).
The defacement is not new to Google search, the engine shows that the website is also hacked back April 17 and was posted in Hackforums, where the thread author claimed he successfully shelled the website.
More of the investigation, right-clicking on the deface website does not work. A pop up shows “beware bla bla ,” so what I did is to save the file and view it locally.
The culprit appears to be Mrose, that is based on source file.
As of writing, the website is still defaced.
www.bcp.edu.ph –> The BESTLiNK College of the Philippines is committed to further advance of the competency and skills of the Filipino youth by providing all the necessary tools, equipments, and techniques in teaching. BESTLiNK has also the advance and state of the art facilities to make the students more productive and knowledgeable in the advance world of IT today.