Dawn.com Gets Hacked

Dawn.com, Pakistan’s premier newspaper’s, website got hacked few hours ago, when an Indian hacker group namely ‘IndiShell’ successfully penetrated into one of it’s section and defaced it.

Hacker claims to have hacked this website for no reason, he noted:

56 alexa in pakistan , 3,500 worldwide, pakistan’s biggest news portal

Dedicated server , 24/7 support, vip information , Honey pots

But Still Failed To Keep Me out of your b0x

Nothing Personal, Just wanted to check if am still the same and EPIC y0u got owned

Defaced URL: http://archives.dawn.com/

Hackers have released username and password for the dawn.com databases as well. It is feared that selected data on the website has been stolen.

dawn


  • Saeed

    Bad!

    Our Paki hackers please do respond quickly and show our potential.

    • Saeed

      Also, Had hai yar dawn website security Teams ki kay WP installed hai aur woh bhi default DB strings kay sath.

      Muzey tu sharam arahe hai yar kay Yeh log Govt jaisay SOEEEEE rahay hai.

  • Shahid Saleem

    PHP. What more can I say…

    • Aamir

      Why PHP? Poor programming I say. Wikipedia is in PHP.

      • Shahid Saleem

        Think about why people use PHP and there are jobs for PHP. It’s not taught in any college or university, like Java or C++ or .Net. Sure, there are some big sites that really depend on PHP like Facebook (but they use non-standard and their own tools for that. read about HipHop and their new HipHop virtual machine).

        Think about the main sites you have heard about that were exploited lately. The PTA site, other many sites. Even when there is an SQL injection attack, almost all of the time, it was a PHP site. Why is it that there are SQL injection attacks or XSS attacks mostly suceeding against VB.Net or PHP sites?

        Answer: it is easy to write quick and dirty code in PHP that works. Answer: it is easy to hire people who know very little about programming and get them to create PHP sites very quickly. They don’t need to learn fancy things like OOP or design patterns or anything like that! (Same time, they don’t get to learn about defensive coding techniques and oops! hacked site!)

        It is very easy to avoid SQL injection attacks with PHP. But how many times do you see code that does $sql = “insert into blahblah (id, name, whatever) values (” . $_GET[“id”] . “, ” . $_GET[“username”] … you get the idea. Trust user input = you will fail HARD.

        I myself have had to maintain a wordpress site that someone else worked on and I am GENUINELY SCARED to run that site on my server. In fact I got a separate server just for the site because I don’t know what code they added. Who wants to expose their server to untrusted PHP code? Not me.

        • Aamir

          That surely doesn’t prove PHP to be wrong. It’s all about the skills you have in programming. For big websites like Dawn, a proper programmer would surely follow the OOP approach and the loopholes must be double checked for any kind of attacks. All those things can be happened to the scripts written in other languages as well if there are any flaws left in the code. Whenever you’re taking input from user, you are surely in danger of getting attacked. The question for Dawn is that why did they hire such programmers who live in happy world and don’t look for the security of their scripts and I’m afraid they would be using single “DB User” for administration as well as for the public site. What PHP can do on it’s own if the code writers of it are poor?

          • Shahid Saleem

            — The question for Dawn is that why did they hire such programmers who live in happy world and don’t look for the security of their scripts and I’m afraid they would be using single “DB User” for administration as well as for the public site.

            — What PHP can do on it’s own if the code writers of it are poor?

            Problem is, PHP attracts poor coders. It’s very very easy to get something written that works in PHP. Whereas with JSP you have to learn a few things, similarly with other languages and web frameworks (RoR, Python framework, etc)

            And PHP programmers are CHEAP.

            • Aamir

              Ok

  • Amir

    At least they have changed the database password :P

  • Still the hacked page is online , is dawn sleeping.

    • zulfi

      seems like they waked up now..link is not opening any more.

  • Ammar

    Now they wake up after this post….lol

  • Aray yaar khud nhi secure ker saktay to humay hi bol diya hota :) at least itni security to honi chahiay… BTW this is start of cyber war..

  • A Big Laugh At Their Team :)

    • Wajdaan Alam

      rather than laughing we should try to learn from these mistakes :-)

  • Naukhez Rabbani

    Seems like SQL injection to me, it not about php, protecting server is totally a different task, Even facebook is in PHP but using multiple languages and server machines for compiling.

  • KashifKhoso

    hahaha check out http://www.msn.com.pk/

    I think it’s hacked..

  • hahaha Thats real bad !
    They must hire me :P to get there wpconfig screwed well !

  • Kamal Ashraf

    oh no, aesa nahi hona chahiye tha.

  • Why dont these people go for and apply proper means of security like preventing ways of website being attacked by brute force….. :(

  • Ali

    WordPress.. WordPress.. O Poor WordPress.

  • Talha

    Use html5