# RaptorNode has been apparently hacked.



## MannDude (Jul 27, 2014)

Doing my rounds on WHT as I sometimes do, and see someone has posted that RaptorNode has been hacked. See the screenshot below:



Src: http://www.webhostingtalk.com/showthread.php?t=1397485

What it looked like before: https://web.archive.org/web/20140625113831/http://www.raptornode.com/

It appears unclear at this time if this is a simple website defacement or if there has been any breach of data. Regardless, if you're a RaptorNode customer please be aware and take necessary steps to ensure the security of your data.


----------



## drmike (Jul 27, 2014)

I'd expect the Indonesian Cyber Army to post some boobies or something that offends their ruling party.

Hacking for Gaza, how nice....  War, what a racket.


----------



## KuJoe (Jul 27, 2014)

They host their website on a cPanel server, this is why I try to avoid hosting critical websites on a shared webserver with other websites since I can guarantee the cPanel server has a few Wordpress installs which are major targets and easily the weakest link on the server.

EDIT: More info.

Their cPanel hostname: https://web02.fractionhost.com:2083/

Are they related to fractionhost.com or just using their shared hosting for their website?


----------



## Kayaba Akihiko (Jul 27, 2014)

Why were they even targetted?


----------



## MannDude (Jul 27, 2014)

Kayaba Akihiko said:


> Why were they even targetted?



I would imagine that it is just as likely to be a random act just as much as it was a targeted one. <shrugs>


----------



## AThomasHowe (Jul 27, 2014)

Kayaba Akihiko said:


> Why were they even targetted?


These aren't targeted attacks. They find one weak link on the server (as KuJope says, an old Wordpress install or whatever) and proceed to upload an index file to as many accounts as they can on the sever until they get booted. RaptorNode is just collateral damage.

If you add index.php to the URL you can see their old homepage:

http://raptornode.com/index.php


----------



## Kayaba Akihiko (Jul 27, 2014)

AThomasHowe said:


> These aren't targeted attacks. They find one weak link on the server (as KuJope says, an old Wordpress install or whatever) and proceed to upload an index file to as many accounts as they can on the sever until they get booted. RaptorNode is just collateral damage.
> 
> If you add index.php to the URL you can see their old homepage:
> 
> http://raptornode.com/index.php


Oh, I see, thanks for informing me!


----------



## yolo (Jul 27, 2014)

Can I say i'm surprised? Not really. The owner is a HackForum member.


----------



## Mun (Jul 27, 2014)

that html code


```
<h3>-= PayForGaza =-<h3>
<BR>
hacked by: INDONESIAN CYBER ARMY
```


----------



## drmike (Jul 27, 2014)

Mun said:


> that html code
> 
> 
> 
> ...


Hey, it still works....  Expect them to go full blown Bootstrap for a hack  ?


----------



## DomainBop (Jul 27, 2014)

Kayaba Akihiko said:


> Why were they even targetted?


The hacker had no way of knowing the website wasn't owned by the IDF because RaptorNode's WHOIS is private.  Public WHOIS would have avoided this confusion. 



> Are they related to fractionhost.com or just using their shared hosting for their website?


Hard to tell if there's a relationship since both use private WHOIS.  Public WHOIS would have avoided this confusion.


----------



## Mun (Jul 28, 2014)

drmike said:


> Hey, it still works....  Expect them to go full blown Bootstrap for a hack  ?



but they didn't even close their tags


----------



## raindog308 (Jul 28, 2014)

AThomasHowe said:


> as KuJope says


I think KuJope is @KuJoe 's distant cousin from Bangalore.


----------

