Im not here to drop conspiracy theories about why Nairaland was attacked. There are many possible reasons why this could've happened; competitors, internet terrorists asking for a ransom, aggrieved potential buyers, jobless / bored hackers, someone whose posts never made front page..... and the list goes on, but conspiracy theories just aint my thing. What i find interesting is HOW NAIRALAND WAS ATTACKED, as in, the technique the attackers might've used. About a week before Nairaland got attacked, i'd been seeing signs of an imminent attack; signs i've come to attribute to a botnet kind of attack over time. To break it down, it seems the attackers were actually using some of our laptops (and maybe phones) to launch rebounding (amplified) attack codes @ Nairaland (possibly XSS).
Some of you might ask why i didn't raise an alarm. Well, its simple, some dude raised an alarm about Nairaland containing some adware and another said his Nairaland account had been hijacked and noticed some strange stuff on his account. These people (from their choice of words) were laymen so it must've been easy to brush their observations aside. I believe the Nairaland Team had noted their observations anyway, so why cry "Fire" without being sure. Seun has sacrificed a lot to build this fortress (we should be proud of him) and i won't be the one to tarnish Nairaland's image.
I was interested in what these two fellows had reported (so unIT-like though) so i did a little investigation by creating a new Nairaland account then. I was able to register the email address but could not go past the part where you pick a username and password to finalize the registration process, i kept getting an error message which meant that some additional strings were being passed along with my username and password . I then turned to Hydra to tell me more about these strings. There were two possibilities; either a shell was resulting in a broken code or i was looking at some form of injection attack (must've been @ mapping stage from the looks of the code).
I believe that the core strategy of this attack is infected devices using Nairaland (although i can't prove it beyond reasonable doubt) and it might just be a few of them. I don't think the infection could've spread among devices (although I might be wrong for unprotected devices) because i involved Norton IS during the whole process and should've got an intrusion alert if there was an attempt.
I believe LindaIkeji's blog is one of the next set of targets (due to its huge traffic) and the attack is likely going to be a Remote File Inclusion attack via script embedded images AT THE COMMENTS SECTION. The attackers strike me as too smart to attempt a Bruteforce (that would be stupid) or server level attack (that would be them versus Google).
To cap this all up, i really wonder why some people just want to frustrate other people's successes. Maybe hacking makes them feel more powerful or something, i wouldn't know, but its just plain cowardly. I could understand hacking a company's website or government website just to drive home a point (still doesn't make it right) but haba, attacking places where people break away from the daily hassles of life? Who does that!!!

If you've been looking for a reliable webhost then here's Free Webhosting in Nigeria for you. Enjoy