BURBANK, CA – October 11, 2010 – Leading search engine marketing company Submit Express reported on that the web server hosting their website submitexpress.com, iclimber.com and several other websites was hacked on October 4. Some of the other sites affected were armenian.com, autocrust.com, michaeljacksonforum.com and realestateandmortgageinfo.net.
“Our remote backup server was able to come online once the hack was automatically detected, limiting the impact to our home page to five minutes,” said Submit Express President and CEO Pierre Zarokian. “However, other sites that were impacted had to be restored manually by their owners after notification. Judging by the message left by the hacker, he or she appears to be Muslim, and we aren’t sure if the sites were specifically targeted or if this was a random attack.”
The hacker was able to re-enter the sites four times after they were originally fixed, either through his original method of entry or through a script he installed during his original attack. While the IP address used in the attack is from the Gulf state of Qatar, it’s not known if the attack originated from there or if proxy servers were used.
“The good news is that the hacker failed to remove our databases and the majority of our site files,” Zarokian said. “Instead, it appears that the index page within each folder was removed, with any files containing names starting with the words “index,” “home,” “main” or “default” being impacted. These files were replaced with a graphic image shown below. Any file starting with word “log” was also completely removed.
“We suspect the hacker access our server through a security hole in WordPress, but we are still investigating the exact method of the attack.”
Known for his the handle “BOFAISAL” with the email address of email@example.com, the hacker has claimed responsibility for many website attacked in recent months. A Google search shows more than 1,000 results for the phrase “BOFAISAL hacked” and 700 results for his email address. Please contact Submit Express through our contact page if you have any information on these attacks.
“We are updating all older and potentially vulnerable versions of WordPress blogs on our server,” Zarokian said. “We recommend that all WordPress blog owners do the same and upgrade their blogs to the latest version.”
Below are the two different messages and images he posted during the recent attacks: