Web Developers, Beware, Your website might be hacked

A notorious group of hackers going by the name Learners Of Curiosity specializes in defacing websites after a series of denial-of-service attacks, cross-site scripting, path traversal and/or SQL injections, then posting an “Owned” message on the hacked websites. They then tweet about their conquests, as in this example:

A screenshot showing Learners Of Curiosity's latest conquest

The link on their Twitter page points to ZONE-H, an archive of defaced websites. Once a defaced website is submitted to Zone-H, it is mirrored on the Zone-H servers and then moderated by the Zone-H staff to check whether the defacement was fake. Sometimes the hackers themselves admittedly submit their hacked pages to the site.

Their submissions total over 130 ‘hactions’. Conspicuous on the list was Kenya Methodist University’s portal http://online.kemu.ac.ke/, which was defaced on 2012/01/04.

The other listed sites were mainly from the USA, Brazil and the UK. Here is the link: http://www.zone-h.org/archive/notifier=Learnersofcuriosity/page=1

You might want to read:

How to prevent MySQL injection http://www.tech-evangelist.com/2007/11/05/preventing-sql-injection-attack/

Guide to PHP security http://dev.mysql.com/tech-resources/articles/guide-to-php-security-ch3.pdf

Prevent Denial of Service attacks http://www.applicure.com/solutions/prevent-denial-of-service-attacks


One thought on “Web Developers, Beware, Your website might be hacked”

  1. teo says:

    What if my site has already been attacked by these f*****s?
