Update: The hacker has fixed some of the mess and posted another article, “a friendly reminder only.”
When visitors open the site (ncst.edu.ph), a messy homepage catches their eyes at first glance. Messages like “Hacked” can be found everywhere, along with an image whose text reads, “System32 was there.”
“Secure your site before anyone will destroy. No files removed,” continues the text.
Another page was also created on the site, displaying the “Davao Cyber Army” logo and shout-outs to fellow crews.
The hacker may have gained access because the site runs an outdated self-hosted WordPress. The file readme.html shows the website is still on version 3.0.3, which is badly outdated now that the current release is 3.6. Also, if the WordPress core is outdated, the plugins on the website are likely outdated as well.
One user in a Facebook group (which we administer) posted a photo hinting that he could be behind the attack.
The screenshot above shows an application called “wpscan,” available in the Linux distro “BackTrack.” The app is mainly used to penetrate websites powered by WordPress.
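For site owners, the same signals can be checked from the server side. The script below is an added example, not code from the article or from WordPress: it audits a WordPress directory on local disk for an outdated core, a version-disclosing readme.html, and plugin versions to review. The sample tree, the plugin name and the baseline constant are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

BASELINE = "3.6"  # current release named in the article; raise it for real use

def is_older(found, baseline):
    """Compare dotted versions numerically, so 3.0.3 < 3.6 and 3.10 > 3.6."""
    a = [int(p) for p in found.split(".")]
    b = [int(p) for p in baseline.split(".")]
    width = max(len(a), len(b))
    return a + [0] * (width - len(a)) < b + [0] * (width - len(b))

def audit_wordpress(root, baseline=BASELINE):
    """Return a list of findings for a WordPress tree on local disk."""
    root, findings = Path(root), []
    version_php = root / "wp-includes" / "version.php"
    if version_php.is_file():
        m = re.search(r"\$wp_version\s*=\s*'(\d+(?:\.\d+)*)", version_php.read_text(errors="replace"))
        if m and is_older(m.group(1), baseline):
            findings.append(f"core {m.group(1)} is older than {baseline}")
    readme = root / "readme.html"
    if readme.is_file():
        m = re.search(r"Version\s+(\d+(?:\.\d+)+)", readme.read_text(errors="replace"))
        if m:  # anyone who can fetch this file learns the exact release
            findings.append(f"readme.html discloses version {m.group(1)}")
    for php in sorted((root / "wp-content" / "plugins").glob("*/*.php")):
        m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php.read_text(errors="replace"), re.M | re.I)
        if m:  # no baseline known here, so list it for manual review
            findings.append(f"plugin {php.parent.name} {m.group(1)}: verify it is current")
    return findings

def build_sample_tree(root):
    """Constructed sample install using the versions the article mentions."""
    root = Path(root)
    plugin = root / "wp-content" / "plugins" / "sample-plugin"  # hypothetical plugin
    (root / "wp-includes").mkdir(parents=True)
    plugin.mkdir(parents=True)
    (root / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '3.0.3';\n")
    (root / "readme.html").write_text('<h1 id="logo">WordPress<br /> Version 3.0.3</h1>')
    (plugin / "sample-plugin.php").write_text("<?php\n/*\nPlugin Name: Sample\nVersion: 1.2\n*/\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("\n".join(audit_wordpress(build_sample_tree(tmp))))
```

Removing readme.html only hides the version string; updating the core and plugins is what addresses the exposure.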
Currently, the website is still not fixed.
* The last red box in the photo suggests the hacker is trying to brute-force the password of user “megs.”