Muslim Hacker Brings Down Many Websites and Wordpress BlogsBURBANK, CA - October 11, 2010 - On October 4, search engine marketing company Submit Express reported that the web server hosting their website submitexpress.com, iclimber.com and several other websites was hacked. Some of the other sites affected were armenian.com, armeniasearch.com, anextek.com and idolfanforum.com.
"The submitexpress.com website was only affected for five minutes as our remote backup server came online once the hack was automatically detected," said Pierre Zarokian, president and CEO of Submit Express. "However, the other sites had to be put back up manually by the site owners after we notified them. The hacker seemed to be Muslim or proponent of Islam, from the message that he left. We are not sure if our site was specifically targeted or if this was random."
The hacker was able to re-enter the sites on four separate occasions after they were originally repaired. It appears he either installed a script enabling him to re-enter the sites or used his original method of entry. The IP address used in the attack originated from the small Islamic country of Qatar; however, it is also possible that he used proxy servers and may not be from Qatar.
"Fortunately the hacker did not remove our databases and too many of our site files," Zarokian said. "It seems that he simply removed the index page within each folder. Any files that contained names starting with the following were affected: index, home, main and default. These were replaced with a message that you will see below. In addition, any file starting with word "log" was removed completely.
"We think he may have got into our server through a Wordpress Blog security hole, but we cannot be sure. We are still investigating how he could have possibility gotten in."
The hacker goes by the handle "BOFAISAL" with the email address of firstname.lastname@example.org. A Google search shows this person has claimed responsibility for hacking many websites in the past few months. There are more than 1,000 results for the phrase "BOFAISAL hacked" and 700 results for his email address. If anyone has more info on how he could have gotten in, please feel free to contact us from our contact page on Submit Express.
"We are now updating all the older versions of Wordpress blog on our server, which we feel are vulnerable," Zarokian said. "We recommend all Wordpress blog owners to also upgrade their blogs to the latest version."
Below are the two different messages and images he posted during the recent attacks:
Oct 11, 2010