Two days after a hacker defaced its site, the World Wildlife Fund Philippine chapter suffered another attack Friday, with the hacker leaving behind tips to improve its security. As of 4:21 a.m. Friday, the tips - in text format - were still posted on the homepage of the WWF Philippine chapter's homepage.
A screenshot of the WWF Philippines website's homepage as of 3:52 a.m. Friday, featuring "tips" left behind by a hacker. It was the second hack on the site in a week. GMANews.TV
However, the site appeared back to normal as of 8:30 a.m. Friday. Before the site was restored, Friday's predawn hacker suggested that WWF schedule a site maintenance, and left three pieces of advice:
Fix SQLi Vulnerability (queries all usernames and passwords); Fix Remote shell upload Vulnerability (enables up to upload backdoor features); Fix Joomla or you can't login via its interface "I appreciate your strong passwords except on the cms (content management system)," the hacker added. The hacker identified himself/herself as RedHat9112 of "Pin0yeXpl0itTeam." Last Wednesday, hackers attacked the website of the WWF Philippine chapter, replacing the home page with a YouTube video. At the time, visitors to the site saw a video and a message that suggested a connection with an attack on the Bureau of Customs website. "This country is run by mahou shoujo ... Powered by: Contract ; Puella Magi Madoka Magica Squad," read the message. The "mahou shoujo" was the same anime referred to in the page of a hacker who defaced the Bureau of Customs website last June 15. Earlier, Malacañang said the security of government website may be reviewed soon, a day after a "Filipino" hacker group hinted at more attacks on Philippine government websites. Presidential spokesman Edwin Lacierda indicated National Security Adviser Cesar Garcia is studying creating a task force to do the review. — RSJ, GMA News 
GMA Brandtalk
Tracking
Archives
