Two nights ago, one of my other sites at franklinveaux.com came under a persistent, aggressive SQL injection hack attack. I firewalled off the addresses where the hack came from, went to bed, then woke the next morning to an inbox full of automated notifications thiat this site was under attack from the same IP addresses.
These notifications went on for about six more screens, so if you’ve noticed that the More than Two site has been acting weird or been slow to load, you’re not imagining it.
These attacks do seem deliberately targeted. Any site on the Web, no matter how obscure or unknown, is likely to get a certain amount of automated probing and hack attempts; that’s simply part of the background noise of the Internet. But this isn’t that.
I host sites for friends as well as my own, sites which have no obvious connection to me at all, and monitor those sites for intrusion and hack attempts to establish a sort of “baseline Internet suck level.” All sites get probed and hacked, because the hackers use automated tools to scan sites for weaknesses. (Side note: if you think you don’t need to worry about security because you run a little site for your friends and family that only fifteen people have ever visited, well, I have bad news for you.)
I’m used to my sites being probed for vulnerabilities; in fact, I wrote about it on my personal blog a while back, Hacking as a Tool of Social Disapproval.
But this is not that. This is, in fact, the most targeted, aggressive hacking attempt I’ve ever experienced against any of my sites.
I looked up the IP addresses where these attacks are originating, and discovered something interesting. They come from servers belonging to a company that is incorporated in the Seychelles but whose servers are located in Latvia.
The company is called “Verasel, Inc.” and man, I gotta say, this site makes my skin crawl.
Their home page announces, in large block letters, ”WE DO NOT JUDGE, ARGUE OR INTERFERE!
All-in-one, Privacy-First Infrastructure for Online Entertainment Projects. For businessmen who require uncompromising privacy for themselves and their families.” They accept payment only in Bitcoin, communicate only through disposable emails or Telegram, and collect no information, not even names, of their hosting clients.
It’s hard to look at that as anything other than “we specialize in hosting kiddie porn.” I mean, yes, I’ve seen “privacy focused” web hosting companies before, but none quite so blatant about what it is they host.
And it gets worse. I clicked on their Telegram chat link, not because I honestly believed they’d do anything about the attacks originating from their servers on this site, but just to see what would happen. Their Telegram avatar is an image of a woman being beaten bloody.
I guess they make it pretty plain who their market is. Given that, it’s no surprise they permit hack attacks from their servers.
To be clear, I don’t think Verasel Inc. is trying to hack this site. I think one of their customers is trying to hack this site, using their servers as a platform to do so, and they don’t care.
The hack attacks themselves are fairly sophisticated SQL injection attacks, the kind of attack XKCD made famous with little Bobby Tables.
Essentially, a SQL injection attack attempts to hack a site by embedding database commands inside of something innocuous, like a header or a bit of text, in the hopes that the computer being hacked will blindly execute the commands without checking.
I keepWordPress updated and run extra security software on top of that as well (and if you use WordPress, you should, too!), so the attacks aren’t successful, but they’re coming in with such ferocious frequency they’re causing site slowdowns. I’m aware of the problem and I’m working to address it.
In the meantime, I must confess it makes me a bit sick to my stomach to know that sites like Verasel exist.
0 Comments