Daniel’s Hosting, one of the most popular and largest hosting services providers for the ‘Dark Web’ Tor network was heavily targeted by cybercriminals, the hack attack wiped the server clean of 6,500 websites. Though the attack and the statistics have been confirmed by the service, the administrator still does not know where the vulnerability exactly is.
Apparently, the websites have been forced to go offline but there’s more to the injury.
Acknowledging the hack attack, Daniel Winzen who is a German software developer and the hosting administrator stated on the hosting provider’s website that the attack was instigated on Thursday i.e., 15th of November which is a day after a PHP zero-day exploit was leaked.
Referenced from Winzen’s writings, “The account “root” has been deleted,”
“To this day around 6500 Hidden Services were hosted on the server and there is no way to recover from this breach, all data is gone.”
“I might re-enable the service once the vulnerability has been found, but right now I first need to find it,” said Winzen having ambiguous thoughts on the ‘type’ of vulnerability.
According to him, the attackers worked their way to gain root access via phpMyAdmin and subsequently had all the data erased from the server.
Quite oddly, Winzen noted that the attackers somehow did not get access to the full system.
Putting that into perspective, he explained, “Other than the root account, no accounts unrelated to the hosting were touched and unrelated files in /home/ weren’t touched either. As of now, there is no indication of further system access and I would classify this as a “database only” breach, with no direct access to the system. From the logs, it is evident that both, adminer and phpmyadmin have been used to run queries on the database.”
As the culprit remains to be unidentified along with the reason why Daniel’s Hosting was particularly targeted, Winzen quite reasonably is seeking IT security researchers and ethical hackers to get him through the crisis by identifying the vulnerability.