A hacker took over a dark web hosting provider by exploiting a “major security vulnerability” and thereby accessing a server.

On 8 July, an attacker calling themselves “Dhostpwned” set up a shared hosting account on the service offered by Deep Hosting. They used that account to upload two shells on their servers. One was written in PHP, whereas the other was written in Perl.

Deep Hosting outlines what happened next in a wiki page entitled “Major Security Vulnerability.”
Deep Hosting’s wiki on the security incident. (Source: Bleeping Computer)

As referenced by Bleeping Computer:

“The Perl shell can not be executed on the server, but the PHP shell can be executed on the server. A large part of the PHP shell is unusable since a certain number of functions are blocked on the shared servers but one function was not blocked. The attacker was able to access the server and execute commands with limited rights.”

Dhostpwned’s “limited rights” were apparently sufficient for the hacker to reach more than 90 websites controlled by Deep Hosting. Among them were hacking forums, malware repositories, and drug marketplaces. One such marketplace known as M.N.G Market went down after the attacker uploaded a text file to the server’s public root folder and accidentally wiped their hard drive’s Master Boot Record (MBR).
The text file uploaded to the server’s public root folder by Dhostpwned. (Source: Bleeping Computer)

The hacker put it plain and simple to Bleeping Computer in a private conversation:

“I hacked them. Their shared hosting was appauling [sic] in terms of security. I’ve got the majority of files hosted from the site, all of their sql dbs. [sic] There was an assassination network hosted on it but i didnt end up getting into that since it was a vps hosted by them and they didnt have any sort of panel to access the vps.”

According to Deep Hosting’s wiki page, it took the dark web hosting provider nearly a day to detect the intrusion, figure out what happened, and change passwords for all hosted sites (FTP and SQL). As a result of that response, most of the affected websites are now down.

At this time, Dhostpwned hasn’t overtly advertised for sale any of the information they stole in the attack.

There’s little known about the party responsible for the security incident. It’s difficult to evaluate the hacker’s level of technical expertise, for example, as the vulnerabilities they exploited weren’t exactly new. Ilia Kolochenko, CEO of web security vendor High-Tech Bridge, says such flaws affected legitimate hosting sites a decade ago. As quoted by Infosecurity Magazine:

“It’s a bit surprising to see them now on the dark web accompanied with a lack of security fundamentals and server hardening. Law enforcement agencies can probably explore the legality of offensive operations in the dark web in order to look into and prevent amateur cybercrime. However, I doubt they will catch professional Black Hats. Experienced cyber mercenaries use very well-hidden infrastructure – in many cases lawfully hosted in public clouds, such as AWS – and avoid any publicity on the dark web and its market places.”

News of this incident follows several years after Europol, the FBI, and others seized hundreds of dark web sites by targeting specific hosting companies as part of an international takedown identified as “Operation Onymous.”
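
The wiki's account of a PHP function blocklist with a single gap is the kind of hardening lapse a host can audit for. The sketch below is an added example, not code from Deep Hosting or from any of the cited reports: it reads a php.ini and lists process-spawning PHP functions that disable_functions leaves callable. The wiki does not name the function that was missed, so the sample configuration and its gap are constructed, and the helper names are hypothetical.

```python
import re

# PHP built-ins that spawn an OS process. On a shared host every one of them
# must be blocked (or tenants isolated another way): one gap is enough.
PROCESS_FUNCTIONS = {
    "exec", "passthru", "shell_exec", "system",
    "proc_open", "popen", "pcntl_exec",
}

_DIRECTIVE = re.compile(r"^\s*disable_functions\s*=(.*)$", re.IGNORECASE)


def disabled_functions(ini_text):
    """Return the disable_functions set found in php.ini text."""
    value = ""
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0]      # ';' starts a comment in php.ini
        match = _DIRECTIVE.match(line)
        if match:
            value = match.group(1)        # assumption: the last assignment wins
    value = value.strip().strip("\"'")
    # PHP function names are case-insensitive, so compare in lower case.
    return {name.strip().lower() for name in value.split(",") if name.strip()}


def blocklist_gaps(ini_text):
    """Process-spawning functions a tenant script could still call."""
    return sorted(PROCESS_FUNCTIONS - disabled_functions(ini_text))


# Constructed sample: a blocklist that looks thorough but misses one entry.
SAMPLE_INI = """\
[PHP]
; disable_functions = exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec
disable_functions = exec, passthru, shell_exec, System, popen, pcntl_exec
open_basedir = /home/tenant
"""

if __name__ == "__main__":
    gaps = blocklist_gaps(SAMPLE_INI)
    print("not disabled:", ", ".join(gaps) or "none")
```

Run it against the php.ini that the web server's PHP actually loads, and treat any non-empty result as a finding.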