Business, Opinion, Philippines, Startup

Sulit Founder RJ David explains the hacking of Sulit.com.ph and the problem with local Internet industry


Sulit.com.ph is now back online of course not without any casualty, remember a site as big as sulit.com.ph will lose a big chunk of revenue if the site went down even for just a few minutes.

Earlier today, Sulit was defaced where the homepage displays the “ayosdito.ph” instead.

Now on his Facebook account Sulit Founder RJ David explains what really happens and how a simple .htaccess hack even if it’s just for a few minutes may take 48 hours to propagate globally, he also mention that this similar to the November 2008 hacking of Dot.ph which was still the early days of the site.

RJ David further explains that from the first Dot.ph to this latest one, dot.ph customer service remains the same which provided no help at all, which is very strange for a registrar and web hosting company and “takes pride in providing quality service.”. I guess if RJ David only has a choice he would have move to a new registrar already one that provides better customer service and a more secure service.

Dot.ph is the only registrar in the Philippines where you can get a “.ph” domain name.

Here’s the complete post of RJ David.

Somebody was able to access our account at Dot.ph again and change the details of Sulit.com.ph. As of now, we have already changed the details back and just waiting for the domain to propagate globally which unfortunately can last up to 48 hours.

This issue was reminiscent of the November 2008 hacking of Dot.ph wherein our domain was intentionally parked to earn from the redirected traffic.

But there are a few differences this time:
1.) Only our password was changed and not our email address. We received an email for a password change to there might be a security hole in Dot.ph password change process. There was a high probability that the attack vector was this process. If this was the case, then it can happen again if Dot.ph won’t do anything fast.
2.) The domain was not parked but instead forwarded to the website of one of our competitors in the industry

But one thing remains the same:
Nobody is still answering from Dot.ph to help us resolve the issue. Just like the November 2008 which happened on a weekend, we might not hear from Dot.ph until Monday.

This is a very big problem of the local internet industry and Dot.ph must do the necessary steps to keep the local websites running 24/7

  • Emilio Avancena

    dotPH has support after office hours and on weekends. We respond within 4-8 hours of receiving a voicemail, almost always much sooner. Senior tech personnel are on call, which is why we were able to do a quick fix within minutes of learning about the problem.

    We take these incidents seriously. When Sulit was hacked some years back we plugged the hole, identified the hacker, tracked him to his front door and set the NBI after him. See:
    http://technogra.ph/2009/02/28/dotph-tracks-down-sulit-hacker-to-legaspi-city/
    http://dotph.domains.ph/hacking-dotph

    • http://www.kabayantech.com/ Abiel Abuy

      That’s good to know. I’m more than happy to post dot.ph side of the story.

    • http://www.facebook.com/albert.israel Abet Servillon

      Hi @google-a1c161fd690ac3bf00ebc3a9bf764760:disqus, we would love to know more about your statement or the official Dotph statement about the incident. We can publish an article for that here in KabayanTech so the reader would also know the other side of the story.
      Btw, the second link you’ve given is forbidden.

    • Jay

      making “fences” to prevent attacks is way much better than calling the police after the attack, don’t you agree? -> dotph has a lot security problems and very little is being done about it. dotph domains has consistently ranked as one of the most dangerous country code TLD in the world(4th according to McAfee).. VERY SCARY for dotph owners.

  • Pingback: The Ayson Chronicles: A Life Online