Deep Hosting: ‘Your best choice’ hacked!
Dark Web hosting service 'Deep Hosting' was hacked over the weekend. There are concerns that some sites were exported, and linked databases may have been downloaded.
Hardly a week passes without a media report of hacked websites and servers, leaked databases or the distribution of malware.
Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or to evaluate system weaknesses to assist in formulating defenses against potential hackers.
Last weekend dark web host Deep Hosting became a victim. The hack was carried out by a hacker calling himself Dhostpwned, according to Bleeping Computer.
According to a wiki page published by the Deep Hosting administration, the hack took place after the hacker registered a shared hosting account on their service, and used it to upload two shells on their servers, one written in PHP and one in Perl.
A Deep Hosting investigation into the events that preceded the hack showed that the attacker was not able to execute the Perl shell, but the PHP version worked just fine.
“A large part of the PHP shell is unusable since a certain number of functions are blocked on the shared servers but one function was not blocked,” Deep Hosting wrote in a wiki page detailing the security incident. “The attacker was able to access the server and execute a commands [sic] with limited rights.”
According to a timeline of their investigation, it took the Deep Hosting team almost a full day to understand what really happened, detect the point of intrusion, and change FTP and SQL passwords for all their user accounts.
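The gap Deep Hosting describes, a function denylist that misses one entry, can be checked for mechanically. The following is an added example, not code from Deep Hosting or Bleeping Computer: it audits a `php.ini` `disable_functions` line against PHP's process-spawning functions. The page does not name the function that was left unblocked, so the sample configuration and its missing entry are constructed.

```python
import re

# PHP functions that can start an OS process. A denylist that misses any
# one of them leaves command execution available to tenant scripts.
EXEC_FUNCTIONS = {
    "exec", "passthru", "shell_exec", "system",
    "proc_open", "popen", "pcntl_exec",
}

def parse_disable_functions(ini_text):
    """Return the names on the last uncommented disable_functions line."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop php.ini comments
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"')
            # Names are compared exactly as written, so a mis-cased or
            # misspelled entry is reported as a gap rather than trusted.
            disabled = {n.strip() for n in value.split(",") if n.strip()}
    return disabled

def unblocked_exec_functions(ini_text):
    """List process-spawning functions the denylist fails to cover."""
    return sorted(EXEC_FUNCTIONS - parse_disable_functions(ini_text))

# Constructed sample configuration (not Deep Hosting's actual php.ini):
# six of the seven functions are blocked, one is forgotten.
SAMPLE_INI = """\
; shared hosting pool
disable_functions = exec, passthru, shell_exec, system, popen, pcntl_exec
"""

if __name__ == "__main__":
    gaps = unblocked_exec_functions(SAMPLE_INI)
    print("not blocked:", ", ".join(gaps) or "none")
```

An empty result only means the denylist is complete for this set of functions; it says nothing about how well tenants are otherwise isolated from each other.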
Here is what admin gunshot has to say on the site’s wiki:
Hacker Dhostpwned shared with Bleeping Computer a list of all the sites he managed to reach from the Deep Hosting server he initially hacked. The list includes 91 .onion websites and is embedded at the end of this article. Most of these sites went down after the Deep Hosting team reset MySQL passwords.
The list includes all sorts of Dark Web services, ranging from drug markets to counterfeit money shops, and from hacking forums to carding vendors.
“I hacked them,” Dhostpwned told Bleeping Computer’s Security News Editor Catalin Cimpanu in a private conversation. “Their shared hosting was appauling [sic] in terms of security.”
“I’ve got the majority of files hosted from the site, all of their sql dbs,” the hacker added. “There was an assassination network hosted on it but i didnt end up getting into that since it was a vps hosted by them and they didnt have any sort of panel to access the vps.” (Editor’s note: Dhostpwned is talking about the Assassination NETWORK, previously reviewed on darkweb.world. Read the article here.)
Notwithstanding, Dhostpwned managed to gain access to other servers, including the one hosting the M.N.G Market, a small French marketplace that sells various illegal products, mainly drugs. He uploaded the following text file in the server’s public root folder to prove his claim.
Moments after he uploaded his text file, the M.N.G Market went down, as Dhostpwned admitted to accidentally wiping their hard drive’s master boot record.
According to Dhostpwned, the M.N.G Market team also used a VPS server to host their platform, but unlike others, had neglected to change the default password for the VPS.
This is not the first time a Dark Web hosting provider has been hacked. Earlier this year, members of the Anonymous hacker collective breached and dumped the database of the Freedom Hosting II free dark web hosting service. They said they hacked the hosting provider because they found out that Freedom Hosting II knew customers were hosting child abuse sites on their servers but did nothing about it. Freedom Hosting I was hacked for the same reason back in 2011.
At the time of writing, Dhostpwned has not dumped any data from Deep Hosting or its clients, and said he doesn’t plan to do so.
Epilogue: The M.N.G Market has restored its database and the portal is up and running again.