Archive for September, 2006

September 22 Attack Press Release

Monday, September 25th, 2006

Here’s the official word from our host on what exactly happened:

Dear Valued Client:

Last Friday, September 22, the server MandaOne was defaced by a person or group who call themselves TheHacker. (This) group has not only affected us, but a lot of (other) websites as well and hasn’t stopped until now as seen in www.zone-h.org’s website:

It is normal for (anybody) to ask, “How were they able to break into the server?” and begin to question the server’s security. Upon investigation, we found a file named Ka0tic.pl in one of our client’s directories. This client uses a free Content Management System program as its website builder, and we suspected right away that the file was placed there via an exploit. The script defaced all the server’s index files (even the backups) and replaced them with an index file that has “Thehacker // Thehacker” on the page. Also, on that same account there was a delogger script, whose code is unreadable, that was responsible for causing some of the server’s services to stop running correctly; hence, a reinstall was necessary to fix the issue.

The reinstall was completed after 8 hours and the first batch of sites were made online a few hours after that to ensure that there are no more files of the kind mentioned above (that are still) live on the server. You may notice that your website’s page is blank. This was done so that all your other files will not be seen by (internet visitors) without your knowledge while we wait for you to upload your index files. The extent of the damage is confined to all home pages and not your emails, databases, movies or pictures that you have on your account.

We have always been doing our part in securing our servers for our clients since day 1 of our existence. We would like to ask for your help also in doing the same by reporting to us malicious files that you may find in your accounts so in the future, we can prevent this from happening again. We also have mapped out new procedures in handling backups and server security to minimize or eliminate damage from these kinds of attacks. If you have suggestions and comments on how this situation was handled, (they are) most welcome.

Thank you and we apologize for the inconvenience that this has done to you and your business.

(xxx)Hosting Team

Host Attack Damage Control

Saturday, September 23rd, 2006

We, our host, and our host’s host were attacked in the past 24-36 hours.

The superficial extent of damage by the security breach was that of a global replace command on all index files on all hosted domains. Meaning, all our index files were replaced with some schmuck’s shit signature.

That wasn’t so bad, but to be on the safe side, our host restored a backup of known clean data files. However, said data files seem to be the standard end-of-the-month backup. Meaning, all website posts, website comments, changes, forum posts, and new forum usernames since September 1 are gone.

Such is life… Give us some time to maybe reconstruct the new blog posts - if we’re not feeling too lazy to. I think there were just a couple of them anyway. As for the forum posts and comments, fresh ones from y’all will do.