Seeing a website being hacked in real time

You always hear about these stuff, a website has been hacked and its landing page has been changed by the hacker. But, what are the chances you’ll get to see that, as it happens, on a large website.
It was 48 hours ago. I went to checkout weeworld.com, a cool avatars creators which recently released a nice new feature for theire avatars called weeRooms.

To my surprise this is the page that was loaded:

Weeworld hacked 1

After rechecking that I got the URL right, I opened the website in IE as well and got the valid weeworld website. This likely happened, and I’m only guessing here, cause their load-balancer served me with a different weeworld server, one that hasn’t been hacked yet. When I refreshed a minute later, this server gave me the hacker page as well. It gave the feeling that this is a hack in progress and the hacker is going through all of their servers and changing the landing pages (index.aspx).

IT try to fight back:

Weeworld hacked 2

Server is down:

Weeworld hacked 3

Website is down:

Weeworld hacked 4
It took another few minutes and the website was completely down (probably by weeworld IT). It took a few more hours and the weeworld website was up and running again. Congrats to the IT for getting a hold of this hack and fixing it in a short time which probably felt like eternity.

I guess it’s satisfactory for the hacker to hack a relatively large website like weeworld. But, what with these 1990’s styled hacker landing pages?! Don’t they want to update it to something more contemporary? Something more Web2.0’ish with gradients and reflections and a little bit of Ajax, or better yet write it all in Flex. A guy who can baffle the minds of full security crews can’t come out with an appropriate web page? The same way developers became design / usability aware interactive developers, I think we should have also usability aware hackers.

The hacker landing page also included two prank scripts that i don’t think even work since windows 98.

This VB script is supposed to open your CD drive. VS script?! What is the computability of VB script?!

[vb]Set oWMP = CreateObject(“WMPlayer.OCX.7” )
Set colCDROMs = oWMP.cdromCollection

if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count – 1
colCDROMs.Item(i).Eject
Next ‘ cdrom
End If[/vb]

This Javascript is suppose to shake your browser:

[js]function shake(shakes, vibration) {
for (i = shakes; i > 0; i–) {
self.moveBy(i, vibration);
self.moveBy(-i, -vibration);
}
}

shake(‘100′,’100’)[/js]

Both scripts look like they were created by some program.

I’m glad that weeworld.com is up and running again and probably in a more secure way, check them out they have some cool stuff.

Apparently iskorpitx is a famous Turkish hacker who’s been doing this for a long time, he even got a promo video in youtube. Is that a Web2.0 hacker or what?!

Guy A

Read more posts by this author.