I remember my first interaction with BANS, and it was horrible, but oddly enough, it started with me visiting their site and was surprised to see that my browser was prompted for downloading the PHP source code? I noticed that DB connection string was exposed, so I quickly notified BANS via digital point forums. They were aware of the problem (as to why they didn’t disable the site completely during the outage is surprising). You’d think DB connection strings would be quite useful to hackers.
Fast forward 8 months or so to today, and I was surprised to see that someone stated that the site was hacked on the forums. I had to check it out, since I haven’t been to the BANS site in a long time, and sure enough, I was viewing the following screen(s):
Nationwide Internet Banking? Possible phishing site? Either way, bad for BANS. From their buggy release of v3.0 to this? It does look however to possibly be a classic server wide defacement and may not be isolated to buildanichestore.com, since subpages are still operational. Most likely it was default document hack on the web server that is causing this. If that is the case, they might need to consider a new host, since the problem I experienced last summer was a server issue as well. Personally, this is annoying to me, since I know I have personal information most likely stored on that database, and we have to easily assume that that information is compromised as well.
Here is more information about this particular hack:
http://phishery.internetdefence.net/data/9252/
3 Comments
Leave a reply →