ProPakistani Was Hacked and Here is the Complete Story

ProPakistani-LogoBy now, it is likely that you might be aware of the fact that ProPakistani was hacked during this weekend. It was not the first time that ProPakistani was targeted by hackers, but it was only the second time that ProPakistani was defaced in over five years of its existence.

First defacement was due to a flaw in PKNIC, when ProPakistani along with Google and other over 300 .PK domains were defaced.

About recent hacking incident, first thing first, it was our mistake that the website got hacked. We were not up to the mark in securing it and were not able to see this coming.

Having said this, hackers exploited a zero day vulnerability in vBulliten (the script that we use for Forum section) was still unpatched. Through this they penetrated into server and were able to take control for a brief time.

During or after the hack, no data was lost. And everything is in tact.

Luckily, ProPakistani has this history of tracking down its hackers, to their home addresses, home phone numbers, cell phone numbers and so on. This time too, we were able to track the hackers and literally spoke with them over the phone.

After securing our server to an extent, we did our investigation and started collecting data from our friends. With their help, we were able to track down 1337 or shadow008 and H4x0rl1f3 or Dr.Trojan, the lead hackers of the group that had claimed defacement of ProPakistani.

Within 24 hours, we had all sorts of details on these hackers, including their real names, cell numbers, home addresses and more. Instead of getting these guys nabbed, I thought of getting it done the sweeter way. I called up the hacker (he’s out of Pakistan) and gently asked him to stop doing this. Not surprisingly, he accepted the offer.

There were few thoughts exchanged, including apologies and call ended after few minutes on a good note.

We are sorry about the episode. Rest assured, we are making all kind of efforts to make sure that this doesn’t happen again.

Tech reporter with over 10 years of experience, founder of ProPakistani.PK


  • zulu

    chicken

  • zulu

    chicken

  • zulu

    chicken

  • zulu

    chicken

  • zulu

    chicken

  • Teeth Maestro

    I really do like how you handled this situation – mistakes will always be made – but it is how you deal with it that sets you apart – Glad to see ProPakistani back in action – well done Atta

    • aamir7

      Thank you Doc for complimenting.

    • aamir7

      Thank you Doc for complimenting.

    • aamir7

      Thank you Doc for complimenting.

    • aamir7

      Thank you Doc for complimenting.

    • aamir7

      Thank you Doc for complimenting.

    • +1

    • +1

    • +1

    • +1

    • +1

  • Teeth Maestro

    I really do like how you handled this situation – mistakes will always be made – but it is how you deal with it that sets you apart – Glad to see ProPakistani back in action – well done Atta

  • Teeth Maestro

    I really do like how you handled this situation – mistakes will always be made – but it is how you deal with it that sets you apart – Glad to see ProPakistani back in action – well done Atta

  • Teeth Maestro

    I really do like how you handled this situation – mistakes will always be made – but it is how you deal with it that sets you apart – Glad to see ProPakistani back in action – well done Atta

  • Teeth Maestro

    I really do like how you handled this situation – mistakes will always be made – but it is how you deal with it that sets you apart – Glad to see ProPakistani back in action – well done Atta

  • Luqman Khan

    Lesson learned by all! Thumbs up!

  • Luqman Khan

    Lesson learned by all! Thumbs up!

  • Luqman Khan

    Lesson learned by all! Thumbs up!

  • Luqman Khan

    Lesson learned by all! Thumbs up!

  • I guess it’s a wake up call to take the security more seriously. Aamir admitting the mistake is a good thing (although it wasn’t entirely his fault ;)) .. ProPakistani will get more powerful and secure due to this incident. As they say, “What doesn’t kill us makes us stronger”. :)

  • I guess it’s a wake up call to take the security more seriously. Aamir admitting the mistake is a good thing (although it wasn’t entirely his fault ;)) .. ProPakistani will get more powerful and secure due to this incident. As they say, “What doesn’t kill us makes us stronger”. :)

  • I guess it’s a wake up call to take the security more seriously. Aamir admitting the mistake is a good thing (although it wasn’t entirely his fault ;)) .. ProPakistani will get more powerful and secure due to this incident. As they say, “What doesn’t kill us makes us stronger”. :)

  • I guess it’s a wake up call to take the security more seriously. Aamir admitting the mistake is a good thing (although it wasn’t entirely his fault ;)) .. ProPakistani will get more powerful and secure due to this incident. As they say, “What doesn’t kill us makes us stronger”. :)

  • I guess it’s a wake up call to take the security more seriously. Aamir admitting the mistake is a good thing (although it wasn’t entirely his fault ;)) .. ProPakistani will get more powerful and secure due to this incident. As they say, “What doesn’t kill us makes us stronger”. :)

  • Jk

    Muk Muka ?

  • Jk

    Muk Muka ?

  • Jk

    Muk Muka ?

    • Nadeem Malik

      not muk muka ,, a smart to way to handle this ,,

    • Nadeem Malik

      not muk muka ,, a smart to way to handle this ,,

    • Nadeem Malik

      not muk muka ,, a smart to way to handle this ,,

    • Nadeem Malik

      not muk muka ,, a smart to way to handle this ,,

    • Nadeem Malik

      not muk muka ,, a smart to way to handle this ,,

    • Waqas

      what else he could do :D

    • Waqas

      what else he could do :D

    • Waqas

      what else he could do :D

    • Waqas

      what else he could do :D

    • Waqas

      what else he could do :D

  • Jk

    Muk Muka ?

  • Jk

    Muk Muka ?

  • moxet

    Better to solve issues in a decent way as you did.
    We <3 ProPakistani.

  • moxet

    Better to solve issues in a decent way as you did.
    We <3 ProPakistani.

  • moxet

    Better to solve issues in a decent way as you did.
    We <3 ProPakistani.

  • moxet

    Better to solve issues in a decent way as you did.
    We <3 ProPakistani.

  • moxet

    Better to solve issues in a decent way as you did.
    We <3 ProPakistani.

  • Eli Ehsan

    #NayaPROPAKISTANi ?

  • Eli Ehsan

    #NayaPROPAKISTANi ?

  • Eli Ehsan

    #NayaPROPAKISTANi ?

  • Eli Ehsan

    #NayaPROPAKISTANi ?

  • Eli Ehsan

    #NayaPROPAKISTANi ?

  • Ahsan Ijaz

    hahaa milnte b ki ha ye b tu bta

  • Ahsan Ijaz

    hahaa milnte b ki ha ye b tu bta

  • Ahsan Ijaz

    hahaa milnte b ki ha ye b tu bta

  • Ahsan Ijaz

    hahaa milnte b ki ha ye b tu bta

  • Ahsan Ijaz

    hahaa milnte b ki ha ye b tu bta

  • Haroon

    You should be in the FBI.

  • Haroon

    You should be in the FBI.

  • Haroon

    You should be in the FBI.

  • Haroon

    You should be in the FBI.

  • Haroon

    You should be in the FBI.

  • Ghulam Sarwar

    Better to send them behind the Bars!

  • Ghulam Sarwar

    Better to send them behind the Bars!

  • Ghulam Sarwar

    Better to send them behind the Bars!

  • Ghulam Sarwar

    Better to send them behind the Bars!

  • Ghulam Sarwar

    Better to send them behind the Bars!

  • UA

    And here is the screen shot of it which I took…

  • UA

    And here is the screen shot of it which I took…

  • UA

    And here is the screen shot of it which I took…

  • UA

    And here is the screen shot of it which I took…

    • Khurram ShahzAd

      Where :-p

    • Khurram ShahzAd

      Where :-p

    • Khurram ShahzAd

      Where :-p

    • Khurram ShahzAd

      Where :-p

    • Khurram ShahzAd

      Where :-p

      • UA

        cant you see?

        • Khurram ShahzAd

          Now I can, not sure why it didn’t appeared on that page load. I was not signed in, even after sign In and before comment, i couldn’t see it. But now I can. So not your fault :-)

        • Khurram ShahzAd

          Now I can, not sure why it didn’t appeared on that page load. I was not signed in, even after sign In and before comment, i couldn’t see it. But now I can. So not your fault :-)

        • Khurram ShahzAd

          Now I can, not sure why it didn’t appeared on that page load. I was not signed in, even after sign In and before comment, i couldn’t see it. But now I can. So not your fault :-)

        • Khurram ShahzAd

          Now I can, not sure why it didn’t appeared on that page load. I was not signed in, even after sign In and before comment, i couldn’t see it. But now I can. So not your fault :-)

        • Khurram ShahzAd

          Now I can, not sure why it didn’t appeared on that page load. I was not signed in, even after sign In and before comment, i couldn’t see it. But now I can. So not your fault :-)

      • UA

        cant you see?

      • UA

        cant you see?

      • UA

        cant you see?

      • UA

        cant you see?

  • UA

    And here is the screen shot of it which I took…

  • Khurram ShahzAd

    One group of hackers is dealt with smartly, threats would always exist. These forum scripts are highly insecure, I had been hacked due to one, years ago.

  • Khurram ShahzAd

    One group of hackers is dealt with smartly, threats would always exist. These forum scripts are highly insecure, I had been hacked due to one, years ago.

  • Khurram ShahzAd

    One group of hackers is dealt with smartly, threats would always exist. These forum scripts are highly insecure, I had been hacked due to one, years ago.

  • Khurram ShahzAd

    One group of hackers is dealt with smartly, threats would always exist. These forum scripts are highly insecure, I had been hacked due to one, years ago.

  • Khurram ShahzAd

    One group of hackers is dealt with smartly, threats would always exist. These forum scripts are highly insecure, I had been hacked due to one, years ago.

  • JjTheMan

    hey, ksi k pas mirror he propak k hack ka?? rply me

  • JjTheMan

    hey, ksi k pas mirror he propak k hack ka?? rply me

  • JjTheMan

    hey, ksi k pas mirror he propak k hack ka?? rply me

  • JjTheMan

    hey, ksi k pas mirror he propak k hack ka?? rply me

  • JjTheMan

    hey, ksi k pas mirror he propak k hack ka?? rply me

  • Shahid Saleem

    Say NO to PHP.

    • Kashif Rehman

      PHP is rocking the world..

      • Shahid Saleem

        How do you get that feeling? From the number of developers and sites that use it? Well, guess what. That says nothing about QUALITY. There isn’t as much quality software in PHP, compared with other languages.

        That’s just the way it is.

        Windows rocks the desktop but you know you’re safer with Linux or OS X.

        • moxet

          Wrong! Even google get hacked. There is no absolute solution to secure yourself 100% online. Say Yes to PHP

          • Shahid Saleem

            Google has not been hacked by any WEB-based attack that I know of (and no, DDoS does not count). So, you’re wrong.

            • PeeDroid

              We Should Learn From The Past That Ignoring You Is The Best Option..
              In Real Life You Are Nothing But A Looser..
              God He’s So Annoying..

              • Shahid Saleem

                I am a loser in real life, that is true. After all, I post comments here. What more evidence is needed? :):):)

          • Shahid Saleem

            You are a class 1 MORON. Your linked article on Google Palestine attack clearly says

            Whatever the case, the hack seems to have been a redirect of the site rather than a direct access into Google’s servers, and it was fixed within hours.

            It was nothing more than the same flaw that affected google in Pakistan a few months ago. A domain registry problem. Confirmed by reports on Techcrunch.

            NO DATA OR SERVER OF GOOGLE WAS AFFECTED.

        • Kashif Rehman

          Quality & security of software is related to the way of coding by developer not by programming language, Vulnerabilities are caused mostly by not following best-practice programming rules, PHP is open source and open source software is made available for anybody to use or modify thats why more then 244 million websites are developed in PHP.

          • Shahid Saleem

            So what explain the fact that open source PHP has more sites and libraries with security problems than open source Python, open source Ruby, etc etc?

            It’s very simple. I’ll give you an analogy. Clifton is in Karachi. Lyari is in Karachi. Both places have Pakistanis. In both places you can get electricity, water, sewage hookup, cable TV, DSL, etc. Yet, given a choice, people prefer Clifton to Lyari. Why? It’s all because of the neighbours, right? The nature of the place is different.

            Same with PHP and other languages. The ecosystem for PHP is very very bad.

    • Amir

      It’s not the PHP but developer’s mistakes. Don’t curse the language.

      • Shahid Saleem

        Look at propakistani posts itself, how many sites has it reported being defaced in the past eight months in Pakistan? How many DIDN’T run PHP or VB? I can’t recall a single one but maybe I missed something.

        Every time I heard of an exploit or problem, 7/10 it is either PHP or VB.Net, 2/10 it is Ruby (using Rails), 1/10 other languages & runtimes.

        What does that tell you? Bad language, or lots of bad PHP programmers? Why not use a better system? A language or system that DOESN’T attact bad programmers? Assuming the problem is programmers and not the language…

        • Amer

          It’s not PHP’s fault to be open source and let any noob use it.

          • Shahid Saleem

            But Ruby on Rails is also open source. Django is open source. Spring+Hibernate, Scala, Flask, etc etc are all open source.

            Think again.

            • May I ask, what language(s) do YOU use?

              • Shahid Saleem

                In order of actual use: Java, Python, Ruby. But I prefers Python or Ruby.

                For web stuff Python.

        • Are you really that naive or are you trying really hard to look like one?? It’s not the language, its program/script that is exploitable. If you don’t see sites in other languages getting hacked, its not because they are more secure. It’s because there are not many sites based on other languages.

          PHP rocks. As simple as that.

          • Shahid Saleem

            The HUGE NUMBER of BADLY written scripts/modules/etc in PHP is the problem. But tell me, Mr PHP Rocks Man, If PHP is so great, why is it so hard for even PHP experts to write security-hole-free software in PHP?

            Example: Hundreds of thousands (if not millions) of sites use PHP software like WordPress. Thousands of businesses depend on it. Would you care to guess how many security updates WordPress core (not plugins, not extra themes, but the CORE software) has had in the past few years? Or in just this year?

            It’s too easy to write bad code in PHP. That’s why there’s a lot of bad code floating around the internet. Do you really believe there isn’t a Ruby gem or Python package or Perl module for whatever you do in PHP? You can 100% find code to perform the same functionality in other languages. Nothing unique about PHP there.

            It comes as zero surprise to me that this site was hacked through a PHP bug.

            • Truth Teller

              STOP commenting and do something useful with your life.

              • Shahid Saleem

                0% of the software I have written has been hacked in the past 20 years. Yes, I’ve been attacked. Never defaced.

                Coincidentally, almost 0% of the software I have written is in PHP.

                The thing is, even if everything I write is secure, I cannot be 100% certain that the software libraries I use are secure. With PHP, I am certain that the more libraries I use, the closer I get to being hacked. With other languages, not so.

          • Shahid Saleem

            Even Facebook uses PHP (for part of their frontend site, very little of the backend). But they’re at least smart enough to use their own virtual machine system (HipHop) and other changes to make it very very hard to break into Facebook using a PHP hole. Sure, it is possible to write secure software in PHP. But you need DISCIPLINE.

            Using other languages forces you to have discipline. You want shortcuts, use PHP/VB. If you don’t want a real language with real solutions to problems (instead of fake objects and idiotic == vs === issues), then good luck, you’re going to write the next hackable site.

        • Truth Teller

          Every language is hackable. May be you invent new one which can’t be hack?

          • Shahid Saleem

            Wrong. No language is “hackable”. Code written in languages can be good or bad: with PHP, it is overwhelmingly bad.

            Your unwillingless to understand this point is what leads you to be hacked.

  • Shahid Saleem

    Say NO to PHP.

  • Shahid Saleem

    Say NO to PHP.

  • Shahid Saleem

    Say NO to PHP.

  • Shahid Saleem

    Say NO to PHP.

  • AJ64

    You dealt a smart blow and that’s the way to go. Now please ask that guy to do some defacement on a few Indians. Cyberspace is powerful enough to take revenge of their atrocities in Kashmir and LOC.

  • AJ64

    You dealt a smart blow and that’s the way to go. Now please ask that guy to do some defacement on a few Indians. Cyberspace is powerful enough to take revenge of their atrocities in Kashmir and LOC.

  • AJ64

    You dealt a smart blow and that’s the way to go. Now please ask that guy to do some defacement on a few Indians. Cyberspace is powerful enough to take revenge of their atrocities in Kashmir and LOC.

  • AJ64

    You dealt a smart blow and that’s the way to go. Now please ask that guy to do some defacement on a few Indians. Cyberspace is powerful enough to take revenge of their atrocities in Kashmir and LOC.

  • AJ64

    You dealt a smart blow and that’s the way to go. Now please ask that guy to do some defacement on a few Indians. Cyberspace is powerful enough to take revenge of their atrocities in Kashmir and LOC.

  • Nouman Younas

    That’s great ,, Shukar hy ANti Pakistani hackers nahi thy..

  • Nouman Younas

    That’s great ,, Shukar hy ANti Pakistani hackers nahi thy..

  • Nouman Younas

    That’s great ,, Shukar hy ANti Pakistani hackers nahi thy..

  • Nouman Younas

    That’s great ,, Shukar hy ANti Pakistani hackers nahi thy..

  • Nouman Younas

    That’s great ,, Shukar hy ANti Pakistani hackers nahi thy..

  • Abbu

    we all know Shadow and Haxorlifes address and phone. Xploiter leaked it long time ago. Kuch naya lao :*

  • Abbu

    we all know Shadow and Haxorlifes address and phone. Xploiter leaked it long time ago. Kuch naya lao :*

  • Abbu

    we all know Shadow and Haxorlifes address and phone. Xploiter leaked it long time ago. Kuch naya lao :*

  • Abbu

    we all know Shadow and Haxorlifes address and phone. Xploiter leaked it long time ago. Kuch naya lao :*

  • Abbu

    we all know Shadow and Haxorlifes address and phone. Xploiter leaked it long time ago. Kuch naya lao :*

  • Saleet

    And you woked up … !!!!!!

  • Saleet

    And you woked up … !!!!!!

  • Saleet

    And you woked up … !!!!!!

  • Saleet

    And you woked up … !!!!!!

  • Saleet

    And you woked up … !!!!!!

  • Hassan Zobeen

    approx 2 months before i told Amir Atta that your Vbulletin’s security level is zero it was a little bug, but I thought when search over it you will get some more information.

  • Aamir is a cool man, He is smart enough to handle it :)

  • Imran Hunzai

    A hacker said sorry. Wow!

  • Sajid

    Next time i’ll bust into your house/office, call me and we’ll have a good laugh…

    • hassan

      Lol … i cracked hard after reading this :D

    • 1337

      HAHAHAHAHAA, LMAO !
      You surely made me LOL hard =))
      Regards
      1337

  • hassan

    please Propakistani publish the real news :P

  • rock shah

    hahaha fake news you can not trace hackers

  • ali

    jhoot itne b tez ni ho ge ap its just a simple IT blog not a government owned

  • Hackers ke sath aik photo hi banwa letay :D Takay Sanad rahay aur Bawaqt e Zarorat kaam aye

  • Truth Teller

    I think admin didn’t handle the situation well. If they got the details of those hackers. It should come to public. These hackers not going to stop, I tell you and you didn’t take action against them to teach the a good hacker and set the example for others. Because of you guys such hackers exists on net and keep hacking other pakistani website. Admit it either you get scared from them or you are just suppoting pakistani noob hackers around.

    • Shahid Saleem

      I’m going to agree with this. These wannabe hackers are causing mischief and harm. If they truly wanted to solve problems, they’d hack into your site and fix the bugs. They’d also provide vulnerabilities to the authors of the hacked software.

      They’re just having fun at everyone else’s expense, maybe not caring that fixing every defaced site causes a lot of stress, if not money.

  • Muhammad Shams

    Everyone of us commit mistakes not big deal, but the important is to admit one’s own faults. You did so. It shows your greatness. I do appreciate it. Secondly accessing till roots is also your brilliance. I am happy you are a good professional.

  • This Post is more of an Announcement for HACKERS that “WE WILL FIND YOU” so beware :D

  • Yasir Mahmood

    Wah yar..
    @aamir7:disqus.Yar You Must Join FIA ,Quite a Big Detective,,,

  • asim

    Pretty shameful how you handled it. These hackers will obviously target other pakistani sites , and you let them go.
    It is the same as forgiving a serial rapist by not informing the police. He will go rape the next girl he can.

  • omer

    The Hacker is actually Dr. Tahir-ul-Qadri, Amir Atta is Qamar Zamaan Kaira and Pro-pakistani is D-chowk.. Every situation is the same.
    Inside the container we did not know what happened, and here we also did not know PARDE KAY PECHAY KYA HAI

  • Ali Ahmed Qureshi

    I think the best way to be secure is to hire a security expert to do ethical hacking on quarterly basis….or to outsource it to anothetr company!!!