Tue, 20 Aug, 2019

Details Behind Doko Site Getting Hacked

By Ankit Pradhan

Screenshot by: DWIT News

Last week, doko.dwit.edu.np, a web forum of DWIT, was shut down and remained under maintenance for nearly a week. The site was hacked by a group of hackers from Brazil who call themselves Alfabeto Virtual. If the hackers were powerful enough to hack a site of DWIT (one of the top IT colleges of Nepal), how can we be sure that this kind of situation won't arise again in the future? What exactly happened? How did the hackers get into the system? What was their purpose in hacking it?

The hackers were able to get into the system by using an SQL injection attack. SQL injection means that the hacker uses web page input to inject SQL commands into the SQL statements the site runs. The injected commands alter the SQL statement, and the hacker can then get access to the security system and the database. The hackers used this method to get into the DWIT system. But this isn't the only reason that the hackers were able to access the Doko site.
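The SQL injection described above, shown as an added example that is not part of the original article and is not DWIT's code: the same login check written once by pasting web input into the SQL text and once with bound parameters. The table, user names, passwords and crafted input are constructed, and Python with SQLite stands in for the site's WordPress stack.

```python
import sqlite3

# Constructed input: the quote closes the string literal early, and the
# rest is parsed as SQL that makes the WHERE clause true for every row.
CRAFTED = "' OR '1'='1"


def make_db():
    """Build a constructed in-memory user table (plaintext only for brevity)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "s3cret"), ("student", "hunter2")],
    )
    return db


def login_vulnerable(db, name, password):
    # Web input becomes part of the statement itself, so the input can
    # change what the statement does.
    sql = (
        "SELECT name FROM users WHERE name = '%s' AND password = '%s'"
        % (name, password)
    )
    return sorted(row[0] for row in db.execute(sql))


def login_parameterized(db, name, password):
    # The statement text is fixed; input is bound as data and never parsed.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in db.execute(sql, (name, password)))


if __name__ == "__main__":
    db = make_db()
    print("correct password, vulnerable:   ", login_vulnerable(db, "admin", "s3cret"))
    print("crafted input, vulnerable:      ", login_vulnerable(db, "admin", CRAFTED))
    print("crafted input, parameterized:   ", login_parameterized(db, "admin", CRAFTED))
    print("correct password, parameterized:", login_parameterized(db, "admin", "s3cret"))
```

With the crafted input the concatenated query matches every user without a valid password, while the parameterized query matches none.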

The WordPress site wasn't updated on a regular basis. Each WordPress release contains bugs and vulnerabilities, and the developers try to fix them in the next release. Hackers take advantage of those vulnerabilities to get into the system. Before being hacked, DWIT was using WordPress 3.3, which had 12 vulnerabilities, and the hackers used one of those loopholes to get into the system. The server was also outdated, which only added to the problem. Taking this into account, DWIT has to update the server in order to prevent any hacking that may occur in the future.

The main purpose of the hack was to show their power and to leave their thumbprint. They wanted to tell DWIT that its system isn't secure and is outdated. Though they did not do anything harmful, they made many changes to the system and were able to write their own code into it. The file size of Doko doubled, which made it difficult to handle, since the code written by the hackers had to be found while taking care that the original code wasn't deleted.

DWIT's site isn't the only one that has been hacked. Many other sites have been hacked in recent times. One of the sites of DWS was also hacked recently.

The whole situation suggests that we should update our sites regularly and keep track of the necessary security measures.