I have already written about the danger to your website caused by insecurely stored back up files. However, it was a case when I was able to find FTP credentials used by Updraft backup WordPress plugin stored in the back up of the database. I think this is the most straightforward hacking technique ever and it doesn’t require specialised knowledge or software to perform the hack. But today I will tell you about the more sophisticated method.
So, let’s begin with the very first step of this hacking method. As I mentioned in the previous post, some Google dorks could lead you to websites with unprotected backup files due to the open directory listing. Trust me, there are hundreds if not thousands of such sites, and you can find them by applying various dorks since various WordPress backup plugins have different file naming scheme.
OK, now when you have a potential list of vulnerable websites, it’s time to pick up one and proceed with other steps. We are looking for sites with backups of the database which you can use on your local machine. Download the WordPress database file, and you’re ready to start the hack. Continue reading Hacking website with brute-force type attack on a local machine
Recently I was making research on hacked websites of hotels. And step by step I reached out the website of Q Brainstorm Software company. Q Brainstorm Software is an IT company from India, established in 2004. This company offer an extensive range of various services based on several programming languages, website development, mobile app development and even SEO services. Briefly, “We do everything”. But they attracted my attention not because of their services, but because of their products.
Q Brainstorm Software products
Looking at the product page, I see the list of several products:
- Hotel Desktop – Available in three different versions, ultimate hotel management solution for small and medium accommodation facilities.
- Hotel web – Hotel Pro desktop version can be further enhanced with a web module where you can manage your reservations and view the calendar using just a web browser.
- Hotel Mobile – Hotel mobile app is a comfortable way of managing your reservations from any place in the world. Only a mobile phone or tablet is required.
- Channel Manager – Hotel can be synchronised with the most popular channel managers in the world such as YieldPlanet, Octorate or WuBook.
- Online Booking Engine – Allow customers to make reservations directly through your website with a modern, fully customizable online booking engine.
- Advanced Functionalities – Accounting, statistics, logbook, customizable documents, automated emails, rate plans, services, meals management and more!
These products are business oriented, which is a little frightening to me and I’ll tell you why.
If you’re looking for a software to power up your business one of the primary requirements is the safety of the software. The vulnerable software may endanger business in various ways. Now let’s think about whether you can trust your business to the company and its products if the website of the company itself is hacked? Yes! Hacked. Continue reading Q Brainstorm Software hacked and this endangers their customers
Exploitation of hacked websites for cryptocurrency mining is a new thing, and it gets more popular day by day. Hacking websites for fun or other reasons like spamming, other exploitation is a thing of the past. All previous exploitation methods of hacked sites are outdated, have low-profit margins (except stealing of CC credentials and similar data) and incompatible with the modern trends. Now everyone wants cryptocurrencies, everyone obsessed about crypto money and everyone is ready to do anything to get it.
Continue reading Exploitation of hacked websites for cryptocurrency mining gains popularity