Hacker Safe = Most untrustworthy worthless badge ever (iPower Server Hacked)

Attention: This content is 16 years old. Please keep its age in mind while reading as its contents may now be outdated or inaccurate.

I’m sure you’ve seen them… we’ve all seen them… the little green shield icon with the words “Hacker Safe” next to them.  Showing those links on a site is supposed to make the end user feel safe that their servers are, as the claim, “hacker safe”.

Now I for one have never put any amount of credibility in to that badge.  The claim alone is ridiculous.  Just because it passes some mysterious (what kind, who knows) checks from the hacker safe server, then that site is invulnerable to ALL hacks every where.

I got news for you… it’s bull shit, and I have (more) proof.

www.ipower.com

Home of iPower hosting company.  I even had a domain hosted with them for around 2 years before switching off.  They had shitty ass customer support and the server my site was on always seemed to need maintenance done to it and was down more often then it was up.  That’s really more a topic for another day though.

Right on the top of their site they display the Hacker Safe badge… yet their server(s) have been hacked.

The thing about the hack though is it’s not an obvious hack and had the guys and I scratching our heads in the office as to what was going on, but we figured it out with the help of a packet sniffer (oh how I love thee WireShark).

Here is how to see the hack on their server.  Open up a browser and type in http://evansrestoration.com (or www.evansrestoration.com) and you will be taken to the proper Evan’s Restoration web site.  We ping that address and we get an IP of 66.96.131.111, which shows as “Pinging ipower-261.ipower.com [66.96.131.111]”, which is obviously an ipower server.

Now, pull up your favorite search engine.  We tried Google, Yahoo, and Ask and they were all effected.  I did notice that the hack did not effect Live.com search (meaning the hackers didn’t care about people using Live search? haha).

Search for “evans restoration”.  You will see a page of results.  Look for the evansrestoration.com site.  It should be the first or second web site on the list (don’t confuse it with Evan’s Garment Restoration, they are the same company, but a different branch).  On google’s results, the 2nd result is “Evans Services, Inc.”, which as shown in green text links to evansrestoration.com.  (Before doing this step you may want to disable javascript on your browser just to be safe from the hijack, although not necesary) Now click the link and hold on to your mouse.

Your browser is hijacked to some bullshit malware/spyware site trying to sell you some bullshit useless antivirus.

How the heck did this happen?  Well as mentioned earlier we examined the packets that were sent and received after clicking the link and were able to figure it out.

iPower’s server(s) have been hacked.  The hackers have modified the htaccess or Apache configuration files so that if traffic is coming to one of the sites on the hosted server FROM a search engine link, then redirect it to their malware site.  If you aren’t getting to them from a search engine link, then do not redirect.  This is a pretty easy thing to do with Apache and takes maybe 2 lines of code.

iPower’s servers were hacked…  but wait a minute?  Aren’t they HACKER SAFE?!?!?!  Well, obviously they are not Hacker Safe… This with out a doubt completely discredits Hacker Safe in my mind (as if I needed any further proof to not believe that bullshit site), as well as FURTHER discredits McAfee (who owns hacker safe and has a reputation for shady activities, as well as poor security and performance), and iPower web aas companies worth doing business with.

So, next time you’re mindlessly punching your credit card in to some site thinking it’s safe becuase you see the Hack Safe badge… take a moment to stop and think about what you’re doing.