We found out why iMakr’s website was hacked for over a day last week.
iMakr is a prominent 3D print reseller that operates two highly visible storefront operations in London and New York City. We first visited them in 2013 at their London facility, when it was perhaps the only such storefront operation worldwide.
Readers may recall our story earlier this month detailing our accidental discovery that iMakr’s site was seemingly missing. All website are “down” from time to time, so at first this was not all that unusual. However, I thought perhaps I had used the wrong URL to find their site, so I performed what everyone would do: a Google search.
To my surprise, I found that the site had been hacked, and the Google search, instead of showing the usual iMakr blurb, said:
“Hacked ! By ! G_M-Black. I’m sorry admin ! You do not have permissions to access your site anymore ! Your site hacked !”
That’s not the kind of message that usually appears when a site is down.
I followed the site for the remainder of the day, finding it down, but occasionally partially restored. It seemed there was a struggle taking place with iMakr’s staff attempting to restore the site. Eventually, a day later, the site seemed to be fully up and running.
After a few days we contacted iMakr founder Sylvain Preumont to find out more about what happened.
It seems that the company was not specifically targeted, but rather was caught up in an automated sweep by hackers who wished to vandalize the site. Preumont says:
“We believe that there was a weakness in a certain module, and that many hackers use automatic testing algorithms that do try a range of sample attacks randomly and automatically at an immense number of websites, testing their luck. Whenever the robot finds success, then they start to explore this particular weakness on this particular website. We’ve been badlucked to a) have this weakness and b) get found. We paid the price.”
This is an unfortunate development in today’s Internet: bots are constantly probing any device connected. It’s said that an unprotected desktop computer attached to the Internet will be automatically compromised by bad guys within minutes.
The same process occurs on websites, where hackers attempt to find weaknesses and then exploit them. Bots find websites, typically powered by open source Wordpress software, and look for known exploits. These are actually documented as fixes are released.
The problem arises when sites fail to keep their software up to date, and then it’s relatively easy for bad actors to leverage the known exploits. This is as good a reason as any to always keep your software up to date.
Fortunately for iMakr, there appears to be little lasting damage, as the hackers in this case seemed to simply want to “take over” the site and not much else. Vandals, in other words. More sophisticated actors might have done much worse, for example replacing web pages and redirecting payments to their own accounts. That didn’t happen here.
The moral of the story here is that everyone operating a website, including those in the 3D print community, should do several important things:
Keep website software up to date with the latest fixes to prevent easy entry by bad actors
Have a complete backup of the site on hand
Monitor the website to ensure nothing bad has happened and if so, begin remedial actions immediately
Have a plan in place to perform recovery operations
That last point is critical. If your website was suddenly down, can you or someone in your organization fix it? Do you know who to call for help? Have you made prior arrangements with them for assistance if required? Best figure that out ahead of time.
Taking steps ahead of time will surely save a lot of trouble later, should something bad happen.
As for iMakr, Preumont says things are not only back to normal now, but hints of big things to come, which we’ll be watching for.