Today I went to a client site and only saw “o” on the screen. Called the client thinking it was a hosting problem like maybe it didn’t get renewed. Client called hosting, and hosting told him the directories were empty. I used FTP to see for myself. I noticed a few things:
- index.php file has a 2009 date, but a index_old.php has a date from just week ago. I was sure no one had made any changes to it recently. Downloaded index.php and it seemed okay. I had a back up of the site from a few months ago and this index_old.php wasn’t in my backup…strange.
- a jpg file called “sejeal.jpg”. Again not in my backup. Downloaded it and opened it. Probably shouldn’t have. Looked it up in Google and found it was a related to a hacker taking out data centers.
Here is what the page looked like.
In the directory was this image.
Cont…
Found out Sejeal got hack of the day on Jan 31, 2013 from this site.
http://belsec.skynetblogs.be/archive/2013/01/31/hack-of-the-day-webshopawards-website-as-an-example.html