Daniels Hosting, one of the largest Dark Web hosting providers, was hacked by hackers this week.
The hack took place on Thursday, 15, according to Daniel Winzen, the hosting programmer.
"According to my analysis it seems that someone managed to have it access in the database and has deleted all accounts," it says in the DH portal.
Winzen also reports that the server's root account has been deleted, along with 6.500 + Dark Web services hosted on the platform.
"Unfortunately, all data was lost and by design, it doesn't exist copies ασφαλείας”, δήλωσε ο Winzen. “Θα επιστρέψω ξανά τη φιλοξενία μόλις εντοπιστεί και διορθωθεί η ευπάθεια.”
I will make a full analysis of the log files, but based on my findings so far, I believe that the hacker was able to acquire database management rights. There is no indication that it had full access to the system and some accounts and files that were not part of the hosting remained intact.
I could reactivate the service once the vulnerability is found but first I have to find it.
So for the past two days, Winzen has been considering possibilities vulnerabilities which the hacker used to gain access to Daniels Hosting's hosting server.
At the moment, he detected a defect, a PHP 0Day. Details of this vulnerability were known for about a month only in the PHP programming cycles, and appeared to be released publicly on 14 November, one day before hack.
Winzen, however, does not believe he is the hacker's real entry point:
It is a vulnerability that was reported as a potential entry point by a user. However, I would consider it unlikely to have been the actual entry point, as the configuration files containing database access details were read-only for the appropriate users. This vulnerability did not grant the necessary privileges.
The German developer said that the hack could be "an opportunity to improve on some of the bad design choices of the past and start with a new improved service, which I will probably launch in December.
Note that after hacking at Freedom Hosting II, a popular Dark Web hosting provider in February of 2017, Daniels Hosting became the largest hosting provider on Dark Web.
Hack may have facilitated the fact that the Daniels Hosting source code was always open to GitHub and so could anyone read it and explore it.
_________________
- Illegal pricelists in Dark Web: Offers of illegality
- Revocation of Eric Schmidt from Chairman to Alphabet
- Windows 10 download the upcoming Wallpaper
