Daniels Hosting, one of the largest Dark Web hosting providers, was hacked by hackers this week.
The hack took place on Thursday, 15, according to Daniel Winzen, the hosting programmer.
“Σύμφωνα με την ανάλυση μου φαίνεται ότι κάποιος κατάφερε να έχει access στη βάση δεδομένων και έχει διαγράψει όλους τους λογαριασμούς”, αναφέρει στο DH portal.
Winzen also reports that the server's root account has been deleted, along with 6.500 + Dark Web services hosted on the platform.
"Unfortunately, all the data was lost and by design, there are no backups," Winzen said. "I will return the hospitality as soon as the vulnerability is identified and corrected."
I will make a full analysis of the log files, but based on my findings so far, I believe that the hacker was able to acquire database management rights. There is no indication that it had full access to the system and some accounts and files that were not part of the hosting remained intact.
I could reactivate the service once the vulnerability is found but first I have to find it.
At the moment, he detected a defect, a PHP 0Day. Details of this vulnerability were known for about a month only in the PHP programming cycles, and appeared to be released publicly on 14 November, one day before hack.
Winzen, however, does not believe he is the hacker's real entry point:
Είναι μια ευπάθεια που αναφέρθηκε ως πιθανό σημείο εισόδου από έναν χρήστη. Ωστόσο, θα θεωρούσα ότι είναι απίθανο να υπήρξε το πραγματικό σημείο εισόδου, καθώς τα configuration files που περιείχαν λεπτομέρειες access στη βάση δεδομένων ήταν μόνο για ανάγνωση για τους κατάλληλους χρήστες. Αυτή η ευπάθεια δεν έδινε τα απαραίτητα δικαιώματα.
The German developer said that the hack could be "an opportunity to improve on some of the bad design choices of the past and start with a new improved service, which I will probably launch in December.
Let's mention that after the hack on Freedom Hosting II, a popular Dark Web hosting provider In February 2017, Daniels Hosting became the largest Dark Web hosting provider.