On Sunday 5th June 2016, a few blogs reported that an unknown hacker defaced the Acunetix website on the morning of Saturday 4th. The first two blog articles suggested the hacker was Croatian. Acunetix was not contacted for comment prior to these reports being published.
We take any such allegations or incident reports very seriously and immediately initiated the necessary investigations as part of our standard procedures.
We have now completed full forensic analysis of all web server logs, and the website itself, and can confirm that no breach has occurred on our website. Erring on the side of caution, we also corroborated our findings with a reputable third party company specialized in the web technology we use.
Acunetix Website Security Practices
For the record, and to dispel fear, uncertainty and doubt spread by speculative gossip on social media, we confirm that we have been running the latest version of WordPress, as always, and the minimal set of plugins used for our site does not have any known security issues. Also, for the record, the WP mobile detector plugin has never been used in the Acunetix website. Moreover, plugin code is diligently scrutinized prior to acceptance for use in the Acunetix website as per standard procedure and best practice.
The Acunetix website is hosted at a reputable world-leading mainstream cloud service provider. The cloud service provider confirmed to us that, at the start of the weekend, in response to a brief underlying issue with the host the Acunetix website instance was residing on, it was rebooted to ensure its stability. Visitors to the Acunetix website URL would have seen the standard “Forbidden You don’t have permission to access / on this server” message until the supervised restart of the website was completed by our own administrative staff on Sunday 5th June early afternoon (CET).
Potential Impact Assessment
Our website has minimal impact on any of our other systems, be they payment and financial records systems, support systems or even Acunetix Online Vulnerability Scanner since they run on completely separate unconnected systems and Acunetix does not store credit card details. We also confirm that our Acunetix Web Vulnerability Scanner software’s vulnerability update feeds have not been tampered with in any way.
Meanwhile, we have received assurances from our cloud service provider that all is fine with our website instance.
Conclusion
As yet unknown persons seem to have picked up on this event to make a fraudulent claim that our site was defaced. The screenshot is a forgery and results of our analysis of the image confirm that it is the only screenshot image in circulation.
Furthermore, the same person or persons or a different set of unknown persons have also reported the incident to zone-h – a site used to track defacements. This site shows the same Forbidden message mentioned above, and not the defacement message featured in the screenshot shown in the blog articles.
We thank you for your patience and understanding. Forensic investigations are always a challenge. In the context of this incident, it would have been comparatively easy to work on a vandal hack the intent of which would have been to leave a visible trace because a hack would then have been indisputable. Conversely, it is more challenging to find a hack that never was and the work that that entails is far greater.
Acunetix Ltd, 8th June 2016