ProPakistani Was Hacked and Here is the Complete Story

By Aamir Attaa | Published Aug 26, 2013 | 10:09 am

ProPakistani-LogoBy now, it is likely that you might be aware of the fact that ProPakistani was hacked during this weekend. It was not the first time that ProPakistani was targeted by hackers, but it was only the second time that ProPakistani was defaced in over five years of its existence.

First defacement was due to a flaw in PKNIC, when ProPakistani along with Google and other over 300 .PK domains were defaced.

About recent hacking incident, first thing first, it was our mistake that the website got hacked. We were not up to the mark in securing it and were not able to see this coming.

Having said this, hackers exploited a zero day vulnerability in vBulliten (the script that we use for Forum section) was still unpatched. Through this they penetrated into server and were able to take control for a brief time.

During or after the hack, no data was lost. And everything is in tact.

Luckily, ProPakistani has this history of tracking down its hackers, to their home addresses, home phone numbers, cell phone numbers and so on. This time too, we were able to track the hackers and literally spoke with them over the phone.

After securing our server to an extent, we did our investigation and started collecting data from our friends. With their help, we were able to track down 1337 or shadow008 and H4x0rl1f3 or Dr.Trojan, the lead hackers of the group that had claimed defacement of ProPakistani.

Within 24 hours, we had all sorts of details on these hackers, including their real names, cell numbers, home addresses and more. Instead of getting these guys nabbed, I thought of getting it done the sweeter way. I called up the hacker (he’s out of Pakistan) and gently asked him to stop doing this. Not surprisingly, he accepted the offer.

There were few thoughts exchanged, including apologies and call ended after few minutes on a good note.

We are sorry about the episode. Rest assured, we are making all kind of efforts to make sure that this doesn’t happen again.

📢 For the latest General & Pakistan news and analysis join ProPakistani's WhatsApp Group now!

Follow ProPakistani on Google News & scroll through your favourite content faster!

Aamir Attaa

Tech and telecom reporter for over 15 years


  • I really do like how you handled this situation – mistakes will always be made – but it is how you deal with it that sets you apart – Glad to see ProPakistani back in action – well done Atta

  • I really do like how you handled this situation – mistakes will always be made – but it is how you deal with it that sets you apart – Glad to see ProPakistani back in action – well done Atta

  • I really do like how you handled this situation – mistakes will always be made – but it is how you deal with it that sets you apart – Glad to see ProPakistani back in action – well done Atta

  • I really do like how you handled this situation – mistakes will always be made – but it is how you deal with it that sets you apart – Glad to see ProPakistani back in action – well done Atta

  • I really do like how you handled this situation – mistakes will always be made – but it is how you deal with it that sets you apart – Glad to see ProPakistani back in action – well done Atta

  • I guess it’s a wake up call to take the security more seriously. Aamir admitting the mistake is a good thing (although it wasn’t entirely his fault ;)) .. ProPakistani will get more powerful and secure due to this incident. As they say, “What doesn’t kill us makes us stronger”. :)

  • I guess it’s a wake up call to take the security more seriously. Aamir admitting the mistake is a good thing (although it wasn’t entirely his fault ;)) .. ProPakistani will get more powerful and secure due to this incident. As they say, “What doesn’t kill us makes us stronger”. :)

  • I guess it’s a wake up call to take the security more seriously. Aamir admitting the mistake is a good thing (although it wasn’t entirely his fault ;)) .. ProPakistani will get more powerful and secure due to this incident. As they say, “What doesn’t kill us makes us stronger”. :)

  • I guess it’s a wake up call to take the security more seriously. Aamir admitting the mistake is a good thing (although it wasn’t entirely his fault ;)) .. ProPakistani will get more powerful and secure due to this incident. As they say, “What doesn’t kill us makes us stronger”. :)

  • I guess it’s a wake up call to take the security more seriously. Aamir admitting the mistake is a good thing (although it wasn’t entirely his fault ;)) .. ProPakistani will get more powerful and secure due to this incident. As they say, “What doesn’t kill us makes us stronger”. :)

  • One group of hackers is dealt with smartly, threats would always exist. These forum scripts are highly insecure, I had been hacked due to one, years ago.

  • One group of hackers is dealt with smartly, threats would always exist. These forum scripts are highly insecure, I had been hacked due to one, years ago.

  • One group of hackers is dealt with smartly, threats would always exist. These forum scripts are highly insecure, I had been hacked due to one, years ago.

  • One group of hackers is dealt with smartly, threats would always exist. These forum scripts are highly insecure, I had been hacked due to one, years ago.

  • One group of hackers is dealt with smartly, threats would always exist. These forum scripts are highly insecure, I had been hacked due to one, years ago.

      • How do you get that feeling? From the number of developers and sites that use it? Well, guess what. That says nothing about QUALITY. There isn’t as much quality software in PHP, compared with other languages.

        That’s just the way it is.

        Windows rocks the desktop but you know you’re safer with Linux or OS X.

        • Wrong! Even google get hacked. There is no absolute solution to secure yourself 100% online. Say Yes to PHP

          • Google has not been hacked by any WEB-based attack that I know of (and no, DDoS does not count). So, you’re wrong.

            • We Should Learn From The Past That Ignoring You Is The Best Option..
              In Real Life You Are Nothing But A Looser..
              God He’s So Annoying..

              • I am a loser in real life, that is true. After all, I post comments here. What more evidence is needed? :):):)

          • You are a class 1 MORON. Your linked article on Google Palestine attack clearly says

            Whatever the case, the hack seems to have been a redirect of the site rather than a direct access into Google’s servers, and it was fixed within hours.

            It was nothing more than the same flaw that affected google in Pakistan a few months ago. A domain registry problem. Confirmed by reports on Techcrunch.

            NO DATA OR SERVER OF GOOGLE WAS AFFECTED.

        • Quality & security of software is related to the way of coding by developer not by programming language, Vulnerabilities are caused mostly by not following best-practice programming rules, PHP is open source and open source software is made available for anybody to use or modify thats why more then 244 million websites are developed in PHP.

          • So what explain the fact that open source PHP has more sites and libraries with security problems than open source Python, open source Ruby, etc etc?

            It’s very simple. I’ll give you an analogy. Clifton is in Karachi. Lyari is in Karachi. Both places have Pakistanis. In both places you can get electricity, water, sewage hookup, cable TV, DSL, etc. Yet, given a choice, people prefer Clifton to Lyari. Why? It’s all because of the neighbours, right? The nature of the place is different.

            Same with PHP and other languages. The ecosystem for PHP is very very bad.

      • Look at propakistani posts itself, how many sites has it reported being defaced in the past eight months in Pakistan? How many DIDN’T run PHP or VB? I can’t recall a single one but maybe I missed something.

        Every time I heard of an exploit or problem, 7/10 it is either PHP or VB.Net, 2/10 it is Ruby (using Rails), 1/10 other languages & runtimes.

        What does that tell you? Bad language, or lots of bad PHP programmers? Why not use a better system? A language or system that DOESN’T attact bad programmers? Assuming the problem is programmers and not the language…

        • Are you really that naive or are you trying really hard to look like one?? It’s not the language, its program/script that is exploitable. If you don’t see sites in other languages getting hacked, its not because they are more secure. It’s because there are not many sites based on other languages.

          PHP rocks. As simple as that.

          • The HUGE NUMBER of BADLY written scripts/modules/etc in PHP is the problem. But tell me, Mr PHP Rocks Man, If PHP is so great, why is it so hard for even PHP experts to write security-hole-free software in PHP?

            Example: Hundreds of thousands (if not millions) of sites use PHP software like WordPress. Thousands of businesses depend on it. Would you care to guess how many security updates WordPress core (not plugins, not extra themes, but the CORE software) has had in the past few years? Or in just this year?

            It’s too easy to write bad code in PHP. That’s why there’s a lot of bad code floating around the internet. Do you really believe there isn’t a Ruby gem or Python package or Perl module for whatever you do in PHP? You can 100% find code to perform the same functionality in other languages. Nothing unique about PHP there.

            It comes as zero surprise to me that this site was hacked through a PHP bug.

              • 0% of the software I have written has been hacked in the past 20 years. Yes, I’ve been attacked. Never defaced.

                Coincidentally, almost 0% of the software I have written is in PHP.

                The thing is, even if everything I write is secure, I cannot be 100% certain that the software libraries I use are secure. With PHP, I am certain that the more libraries I use, the closer I get to being hacked. With other languages, not so.

          • Even Facebook uses PHP (for part of their frontend site, very little of the backend). But they’re at least smart enough to use their own virtual machine system (HipHop) and other changes to make it very very hard to break into Facebook using a PHP hole. Sure, it is possible to write secure software in PHP. But you need DISCIPLINE.

            Using other languages forces you to have discipline. You want shortcuts, use PHP/VB. If you don’t want a real language with real solutions to problems (instead of fake objects and idiotic == vs === issues), then good luck, you’re going to write the next hackable site.

          • Wrong. No language is “hackable”. Code written in languages can be good or bad: with PHP, it is overwhelmingly bad.

            Your unwillingless to understand this point is what leads you to be hacked.

  • You dealt a smart blow and that’s the way to go. Now please ask that guy to do some defacement on a few Indians. Cyberspace is powerful enough to take revenge of their atrocities in Kashmir and LOC.

  • You dealt a smart blow and that’s the way to go. Now please ask that guy to do some defacement on a few Indians. Cyberspace is powerful enough to take revenge of their atrocities in Kashmir and LOC.

  • You dealt a smart blow and that’s the way to go. Now please ask that guy to do some defacement on a few Indians. Cyberspace is powerful enough to take revenge of their atrocities in Kashmir and LOC.

  • You dealt a smart blow and that’s the way to go. Now please ask that guy to do some defacement on a few Indians. Cyberspace is powerful enough to take revenge of their atrocities in Kashmir and LOC.

  • You dealt a smart blow and that’s the way to go. Now please ask that guy to do some defacement on a few Indians. Cyberspace is powerful enough to take revenge of their atrocities in Kashmir and LOC.

  • we all know Shadow and Haxorlifes address and phone. Xploiter leaked it long time ago. Kuch naya lao :*

  • we all know Shadow and Haxorlifes address and phone. Xploiter leaked it long time ago. Kuch naya lao :*

  • we all know Shadow and Haxorlifes address and phone. Xploiter leaked it long time ago. Kuch naya lao :*

  • we all know Shadow and Haxorlifes address and phone. Xploiter leaked it long time ago. Kuch naya lao :*

  • we all know Shadow and Haxorlifes address and phone. Xploiter leaked it long time ago. Kuch naya lao :*

  • approx 2 months before i told Amir Atta that your Vbulletin’s security level is zero it was a little bug, but I thought when search over it you will get some more information.

  • I think admin didn’t handle the situation well. If they got the details of those hackers. It should come to public. These hackers not going to stop, I tell you and you didn’t take action against them to teach the a good hacker and set the example for others. Because of you guys such hackers exists on net and keep hacking other pakistani website. Admit it either you get scared from them or you are just suppoting pakistani noob hackers around.

    • I’m going to agree with this. These wannabe hackers are causing mischief and harm. If they truly wanted to solve problems, they’d hack into your site and fix the bugs. They’d also provide vulnerabilities to the authors of the hacked software.

      They’re just having fun at everyone else’s expense, maybe not caring that fixing every defaced site causes a lot of stress, if not money.

  • Everyone of us commit mistakes not big deal, but the important is to admit one’s own faults. You did so. It shows your greatness. I do appreciate it. Secondly accessing till roots is also your brilliance. I am happy you are a good professional.

  • Pretty shameful how you handled it. These hackers will obviously target other pakistani sites , and you let them go.
    It is the same as forgiving a serial rapist by not informing the police. He will go rape the next girl he can.

  • The Hacker is actually Dr. Tahir-ul-Qadri, Amir Atta is Qamar Zamaan Kaira and Pro-pakistani is D-chowk.. Every situation is the same.
    Inside the container we did not know what happened, and here we also did not know PARDE KAY PECHAY KYA HAI

  • I think the best way to be secure is to hire a security expert to do ethical hacking on quarterly basis….or to outsource it to anothetr company!!!

    • lens

    Spotify Launches ‘Your K-Pop Persona’ to Celebrate the K-Pop Fandom
    Read more in lens

    perspective

    A Love Letter to Pakistan: A Foreign CEO Reflects on 5 Years
    Read more in perspective
    Get Alerts

    Follow ProPakistani to get latest news and updates.

    Follow Us

    ProPakistani Community

    Join the groups below to get latest news and updates.

    Tech & Telecom
    Business
    Auto
    General & Pakistan
    Sports
    Entertainment
    WhatsApp Channel
    >