Fixes & How a Turkish hacker group, (Aslan Neferler Tim) took over over 50,000 websites, including 4 belonging to me and over 50,000 others.
Last updated on February 3rd, 2018 at 12:10 am
I have over 30 website but I host 6 over at SmarterASP. This morning I woke up and saw 4 of my website’s content and files replaced with some static HTML with a message and YouTube Video broadcasting a Turkish message. I ran a search on google and found thousands of websites with the same issue so I created this tutorial to help those that were hacked to recover their websites.
Contents
ASLAN NEFERLER TİM NATİONAL FORCE HACKED!.
MEVZU BAHİS VATANSA; GERİSİ TEFERRUATTIR!
BİZLER VAR OLDUKÇA, SİZLERE RAHAT UYKU YOK!
5 hours later and the group is on Facebook boasting about hacking my websites. 🙁
Symptoms
- It turns out that somehow they got a hold of my FTP password (strange as i only use Filezilla)
- All files under each website was deleted
- Attack was done by Turkish hacker group Aslan Neferler Tim @aslanneferler. The attacks by the hacker team named “Aslan Neferler Tim” (which can roughly be translated as Lion Privates Team)
Immediately I started a chat with my hosting provider, they didn’t offer me much advice only to boast of their strong Data Centre Firewall. Being a white hack hacker, I started asking myself a few question: Was it DNS hijacking? Was it a FTP hack? How did they get my super strong FTP and Control Panel password? Why me? But My code was checked by 2 vulnerabilities geniuses from Fiverr, Why Why Why?
The group had earlier claimed responsibility for the attacks on the websites of Belgian government agencies, Dutch right-wing politician Geert Wilders, the Armenian Central Bank, and the main webpage of renowned hacker movement Anonymous.
After some extensive research, I managed to get a hold of the situation, changed my password, uninstalled FileZilla, sent out some apologies to my subscribers and re-upload my files. Here are the steps I took to resolve the issue:
What to To if your website was hacked
- Because this type of hack is not DNS hijacking, you may not need to adjust anything at the DNS records level
- Change all your hosting control panel passwords
- change all your website’s FTP password
COMMENTS