Holy Schmoly- our site was hacked


As you may have gathered, our site was hacked last month and malware was found. The trouble started shortly after we received an email from a -clearly- very disgruntled IME, referring to his multiple negative reviews on our site’s “rate an IME / IME List“, and stating that we caused upset in those injured workers who were due for an IME assessment with this man. He demanded an apology and requested we delete the reviews pronto…or else… Coincidence? Maybe…


For OBVIOUS reasons, we won’t publish who this IME is, nor the full email we received shortly before malicious code was injected into our IME rating functionality.


The on-line trouble started with time-outs, that is we and fellow commentators kept having our comments timed out and were unable to post our comments, unless they were 3 words short. Soon after, we noticed (and were notified) that there was an issue with our “IME List” page, not displaying properly, then vanishing. The cherry came next: we were locked out from the website’s administration area, and were unable to view our site online (similar to an IP ban).


We obviously apologise for the issue and inconvenience and have spent the past few weeks getting it sorted. Yes, WEEKS!

Why did it take so long to restore a workcovervictimsdiary?

Before we did or could do anything, we had to determine if our website had actually been hacked. There is – generally – no single definitive indicator or sign. At times it will be obvious, but this isn’t always the case. There are commonly several possible signs that indicate that a website has indeed been hacked. A few common ones are: a defaced homepage/site (homepage or website has been visually changed by non-authorised individuals); inability to log in to administrative areas; a very slow website; warnings from your antivirus/browser about viruses or malware on your website; search engine notification (you are notified by a search engine that your site may have been compromised – or your website’s search results show incorrect information, often advertising products that are not yours); and a range of other possible problems such as our “time outs”, inaccessible pages (such as our IME List), etc.

Then we had to find out how our site was hacked. Finding out how we were hacked obviously helps to address security flaws. Some common ways a site gets hacked include:

  • Stolen login credentials: the site’s admin login credentials were somehow stolen, often by methods like social engineering, intercepting unencrypted emails, brute force cracking, etc. Thank God, that was not the case.
  • Vulnerable script: Scripts on a website are sometimes vulnerable to attacks like code injections. Make sure scripts such as addons, modules, themes, etc. are always updated. If your website has file upload functionality, a malicious file may also have been uploaded. In our case and on this occasion we managed to trace back the attack to a malicious code injection into our “rate an IME” functionality.
  • Virus & malware on local machine can also be the cause: A virus or malware on your local machine may have stolen login credentials or other sensitive material that may have compromised your website. Always make sure your computer is clean of viruses and malware. Ours was clean.
  • Host/shared server hacked: Your host/provider was hacked, compromising your information. When you’re on a shared server – if the others on your server have been hacked, there is potential that you may also be a victim. Again, that was not the case; we were the sole victim.

So after assessing the situation, we all came to the conclusion that our website had been hacked. So what do we have to do then?

We had to inform our host service provider and viewers/users that our site had been compromised. We tried to let our readers know aworkcovervictimsdiary had been hacked and even managed to upload a message on the home page. Then the dreaded backup of all our website’s content started. Thank God we did keep multiple copies of our site’s content (on and off line) just in case. But still…

At this point we had to not only work with our host provider but also contact a “professional” (someone who is familiar with hacks and recovery procedures). The long recovery process started:

  • Removing all of our current website content. We had to delete everything from our root folder to ensure all malicious material had been removed.
  • We also had to delete all cron jobs (scheduled automatic system maintenance and administrative tasks) located in our web hosting control panel.
  • We had to check all our website databases to ensure they had not been compromised. Those that were (rate an IME function) had to be cleaned, by restoring a clean backup before using again.
  • And finally we had to reinstall our site: upload a clean copy of our entire website. We had to resort to reinstalling our site’s content from a clean back-up, just to make 100% sure the malicious code was gone.

This also included having to update, reinstall and reconfigure all our site’s scripts, ensuring they’re connected to the proper databases, and so it is that – coupled with one of us moving house and another one going through full litigation of their claim – it took yonks!
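One way to confirm that a reinstalled site really matches the clean backup, shown as an added example (not code from this site or its host): the script hashes every file in a known-clean backup and in the live web root, then lists what was added, removed or modified. The directory layout and file names in `build_sample` are constructed for illustration.

```python
import hashlib
import os
from pathlib import Path


def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames + dirnames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # Record symlinks by target so a swapped link is also reported.
                digests[rel] = "symlink:" + os.readlink(full)
            elif os.path.isfile(full):
                with open(full, "rb") as fh:
                    digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_trees(clean_root, live_root):
    """Report differences between a known-clean backup and the live web root."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "added": sorted(set(live) - set(clean)),    # only on the live site
        "removed": sorted(set(clean) - set(live)),  # missing from the live site
        "modified": sorted(p for p in set(clean) & set(live) if clean[p] != live[p]),
    }


def build_sample(base):
    """Write a constructed clean backup and a constructed live copy under base."""
    trees = {
        "clean": {"index.php": "home", "ime/rate.php": "rating form", "css/site.css": "body{}"},
        "live": {"index.php": "home", "ime/rate.php": "rating form + unexpected line",
                 "uploads/x.php": "file that is not in the backup"},
    }
    for tree, files in trees.items():
        for rel, text in files.items():
            target = Path(base, tree, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
    return os.path.join(base, "clean"), os.path.join(base, "live")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        for kind, paths in compare_trees(*build_sample(base)).items():
            print(kind, paths)
```

This covers files only; injected content stored in a database does not show up here, which is why the databases had to be checked and restored separately.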

Anyhow, we have now moved to a new cloud server and went back to a mid-June backup to ensure none of the malware was present. Again, we apologise for the inconvenience caused but do hope you will take the time to be a part of our community of workcovervictims again!

Best regards and thank you for your support!

 

[Dictated & manually transcribed on behalf of WCV]




11 Responses to “Holy Schmoly- our site was hacked”

  1. haha I know who it was …. poor man. Or I suspect I do … check your emails


    • What type of IME was he? A Shrink?


    • Glad this site is back up and running as I consider you mob to be the only support lifeline I have I disowned most members of my family and the majority well most of my friends vanished so I consider you mob to be my family and friends….

      One problem i have encountered is I cant comment or post a question in the Vocational assessment section

      so I will post it here

      I have been ordered by FGU to now see a vocational assessor. I am to take a current resume with me and medical reports…a resume I dont have nor can afford to get done

      I had to get them to change appointment times as

      1. I have no transport on the day allocated and would only be an accident aka liability on the road should I drive

      2. the heavy meds I am on endone endep steroids etc keep my brain in zombie zone until late mid morning (then next dose is ready to take at lunch time)

      3. Cant walk far as walking is excruciating on injured leg so public transport is out

      4. I am broke due to the BS insurer cutting my benefits off and I have to fork out for surgeries etc from my own pocket.

      5. I have medical reports 3 in fact that say I have no work capacity

      6. 3 reports state I am not to do anything that requires being on my feet or having my leg bent.

      7. Centrelink put me on a disability pension due to my injuries and said I no longer need to work.

      8. The insurer knows they have farked up by cutting me off benefits before all the necessary treatment surgeries etc were carried out.

      So why the Faark are they now sending me to a “Vocational Assessor” ?

      I have science qualifications and they want me to be a receptionist or telemarketer…what a load of degrading BS

      I forgot to mention on top of my injury I have depression with anxiety adjustment disorder have panic attacks meeting and talking to strangers freak out if i have to answer phones and hate going outside or out and about…I love hiding indoors where I am left alone and feel safe!

      Last interim hearing FGU wanted us to start tossing numbers around as they know if we front the judge they are screwed..They told my lawyer that they would rather pay me out than spend more money…so why the Faark are they spending money on this crap!

      Any suggestions on how to handle this vocational assessor would be greatly appreciated!

      I want to be a member of parliament!


      • @Deluded: there is NO doubt you are being sent to vocational assessor by your insurer for no other reason than to try and mitigate their (potential) losses re your claim (read: monetary compensation). It is standard practice and a last resort “defense” tactic, in other words they’re hoping they’ll be able to show a court/judge/lawyer that you do have a (however minimal and unrealistic) work capacity, so they can use that to decrease your compo, and/or deny an economic loss payout. I wouldn’t worry too much about it (fact is more and more Judges do acknowledge and rule that a potential job must be really realistic) and just be truthful with the assessor – take all your medical reports showing no work capacity, proof that you are on disability pension too, and behave the way you truly are (if anxious, panicky, well don’t take anti-anxiety meds), and simply state that no matter how much you’d like to return to some meaningful work, fact is you can’t and it is not realistic. Highlight all the medication you are on as well, and clearly explain your problems with simple things like transport.


        • @WCV thank you for your reply I have read the compensation thingys you mentioned. My Case was in front of the courts but got referred back to the judicial registrar for case management. I dont know what this means as I still havent had a decent answer from lawyer other than it is good for us.
          The main question I have re Vocational Assessment is the fact that it is taking place at a medical clinic instead of the assessors office!
          Why would that be so?
          This assessor is not a medical Dr only a psychologist!
          I am not going to allow this non-medical professional poke and prod me where I will suffer for days
          Any answers to this would be greatly appreciated


    • With re to the potential IME related to the hack (unless a sheer coincidence…), he is a shrink indeed, but it is NOT Dr DS.
      It does feel good to be back online, and no matter how hard “they” might try to destabilise our site, we will always find a way to get back on line. After all, the truth always prevails.


      • @WCV and Staff. So happy you’re all back. Great effort and yes the Truth will Always Prevail (eventually). You’ll never know how much we have all missed this site, the help and online friends here. I hope we can keep pushing their buttons and upsetting these corrupt mongrels. Be scared you unscrupulous wc agents- we are going to KEEP Telling the TRUTH!
        Great Work and congrats!
        MadChef
        ps anyone been sent a worksafe survey letter for upcoming survey by Wallis Market and Social Research?


  2. Welcome back WCV. FU hackers!


  3. No surprises here. And it’s likely to happen again. WorkCover, employers, insurers etc are regular visitors here. Isn’t it so good to let them know how we think and feel – if only they would pay attention.
    PS, the like button doesn’t work, mmmmmmm


    • Dear JustMe, you are right, if the system was above board they wouldn’t be hacking into this site, so to me the fact they do speaks for itself. Yes I noticed the like button doesn’t work.


    • Re the “like” button, it works when you click on it twice. Obviously we’re still working on the ‘fine’ hack-affected details of our site, but at least we’re back on line!
