Today some Pakistani / Russian group tried to hack our website
Sometimes we don’t feel our websites are important and leave them unsecured, and most organizations don’t take website security seriously.
Websites represent our organization on the world wide web. They need to be secured not only because the site represents the organization, but because many websites are linked to applications like CRMs and subscription mailers and store client and subscriber information.
A compromised website means this subscriber data is compromised, site content can be altered, and malware can be injected into the site to infect its visitors. This damages the reputation of both the website and the organization.
That was not the case with our TechnoPlanet Enterprise website. We secure every segment and layer of our network and applications.
Our website has a WAF in place, and on top of that a rigorous monitoring system that checks for and reports any anomalies.
The site has a page where people can register and read case studies. Although the page is still in development, it is already secured, and users who register / subscribe to the site gain access to our case studies.
The page has a registration form. To register, the user has to supply a valid email address, as the system sends an activation code that is required to activate the account before access to the case studies is granted.
Every time you log in, a code is sent to the registered address, as 2FA (Two-Factor Authentication) is enabled on the site. We have implemented 2FA for all kinds of authentication, whether it is enterprise network or application access.
2FA can be configured to use authenticator apps such as Microsoft Authenticator or Google Authenticator.
On Google Play Store – Microsoft Authenticator & Google Authenticator
On Apple Store – Microsoft Authenticator & Google Authenticator
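The authenticator apps named above implement time-based one-time passwords (TOTP, RFC 6238): the server and the app share a secret, and both derive a short code from the current 30-second time slot. The code below is an added illustration of the server side of that check; it is not code from the TechnoPlanet site. The secret format, the 30-second step, the 6-digit codes and the one-step clock-drift window are the common defaults that these apps use, and the only sample secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

STEP_SECONDS = 30   # time slot length used by Google/Microsoft Authenticator by default
DIGITS = 6          # code length shown by the app


def generate_secret() -> str:
    """Return a fresh base32 shared secret; this is the value enrolled into the app (e.g. via QR code)."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """Compute the TOTP code for a raw secret at a given Unix time (HMAC-SHA1, RFC 6238)."""
    counter = unix_time // step
    msg = struct.pack(">Q", counter)                     # 8-byte big-endian time counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, submitted: str, unix_time=None, window: int = 1) -> bool:
    """Accept the submitted code if it matches the current slot or one slot either side.

    The comparison is constant-time so a wrong code does not leak which digits matched.
    """
    secret = base64.b32decode(secret_b32, casefold=True)
    now = int(time.time()) if unix_time is None else unix_time
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


if __name__ == "__main__":
    # Demo with the RFC 6238 test secret (ASCII "12345678901234567890"), not a production key.
    demo_secret = base64.b32encode(b"12345678901234567890").decode("ascii")
    print("code now:", totp(base64.b32decode(demo_secret), int(time.time())))
    print("verify:", verify_totp(demo_secret, totp(base64.b32decode(demo_secret), int(time.time()))))
```

Each code is valid for one 30-second slot, so the server has to record the last accepted counter per user and refuse a replay of the same code within the window; that bookkeeping is outside this snippet.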
Coming back to the reason for writing this article: our team reacted fast after we received notifications about the breach.
In our initial mitigation we found the following:
The user registered with an email address created for hacking into websites and applications (test26557302@wintds.org). Because the AI implemented on our system detected the email address as not valid, a warning flag was raised and the support team was informed.
The team immediately disabled login for the user, as the user was trying to access pages that were not permissible for the access group the user belonged to.
On looking up the IP addresses we found that:
- The user’s IP address belonged to Saint Petersburg, Russia.
- The email domain belonged to a person in Jhang, Pakistan.
- The dummy website is hosted somewhere in Meppel, Netherlands.
With so many different countries involved, plus a dummy email address, website and Whois name, this is surely related to a hacking attempt.
Implementing sites with smart tools helps save organizations from expensive restoration costs, downtime and reputation loss.
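As an added example of the kind of flagging described above (not the site’s actual monitoring code), the script below parses a notification in the format quoted at the end of this post and applies three simple rules: the email domain is on a denylist, the local part looks machine-generated, and the record jumped from “new” straight to “publish”. The denylist, the throwaway-name pattern and the access-control table are assumptions made for this example; wintds.org is listed only because it is the domain reported in the post, and the notification text is a constructed copy of the one shown here.

```python
import re

# Constructed copy of the notification format quoted in the post (not a live feed).
SAMPLE_NOTIFICATION = """\
Event: Post Update
Website: https://technoplanetenterprise.com
IP Address: 46.161.14.104
Reverse IP: 46.161.14.104
Date/Time: July 22, 2021 9:55 am
Message: Status has been changed; details: ID: 1875,Old status: new,
New status: publish, Title: test26557302@wintds.org
"""

# Assumed denylist for this example; wintds.org is the domain the post reports.
EMAIL_DOMAIN_DENYLIST = {"wintds.org"}

# Local parts such as "test26557302" (short word followed by a long digit run) are
# typical of throwaway registrations; this pattern is a heuristic, not a fact from the post.
THROWAWAY_LOCAL_PART = re.compile(r"^[a-z]{1,6}\d{6,}$", re.IGNORECASE)

# Hypothetical access-control table: path prefix -> groups allowed to reach it.
ACL = {
    "/case-studies": {"subscriber", "staff", "admin"},
    "/admin": {"admin"},
}

KEYS = ("Event", "Website", "IP Address", "Reverse IP", "Date/Time",
        "ID", "Old status", "New status", "Title")
_NEXT_KEY = r"(?=,?\s*(?:Event|Website|IP Address|Reverse IP|Date/Time|Message|ID|Old status|New status|Title):|$)"


def parse_notification(text: str) -> dict:
    """Flatten the multi-line notification and pull out each labelled field."""
    flat = " ".join(text.split())
    fields = {}
    for key in KEYS:
        m = re.search(re.escape(key) + r":\s*(.*?)" + _NEXT_KEY, flat)
        if m:
            fields[key] = m.group(1).strip().rstrip(",")
    return fields


def flag_event(fields: dict) -> list:
    """Return the list of reasons this registration event deserves a human look (empty if none)."""
    reasons = []
    email = fields.get("Title", "")
    local, _, domain = email.partition("@")
    if domain.lower() in EMAIL_DOMAIN_DENYLIST:
        reasons.append(f"email domain {domain} is on the denylist")
    if THROWAWAY_LOCAL_PART.match(local):
        reasons.append(f"local part {local!r} looks machine-generated")
    if fields.get("Old status") == "new" and fields.get("New status") == "publish":
        reasons.append("record moved straight from 'new' to 'publish'")
    return reasons


def is_path_allowed(group: str, path: str) -> bool:
    """Authorisation check for a page request; unknown paths are denied by default."""
    for prefix, groups in ACL.items():
        if path.startswith(prefix):
            return group in groups
    return False


if __name__ == "__main__":
    event = parse_notification(SAMPLE_NOTIFICATION)
    for reason in flag_event(event):
        print("FLAG:", reason, "| source IP:", event.get("IP Address"))
    print("subscriber -> /admin allowed?", is_path_allowed("subscriber", "/admin/users"))
```

In practice the flagged source IP would also be fed to the WAF so that a blocked account cannot simply re-register, and the access-group check runs on every request, which is what produced the “pages not permissible” signal described above.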
Notification:
Event: Post Update
Website: https://technoplanetenterprise.com
IP Address: 46.161.14.104
Reverse IP: 46.161.14.104
Date/Time: July 22, 2021 9:55 am
Message: Status has been changed; details: ID: 1875,Old status: new,
New status: publish, Title: test26557302@wintds.org