Another .mu website hacked

April 9, 2015

Yet another .mu website hacked. A while ago I came across a domain which displays a Hacked By Probiltar page.



The message is signed by "Khalifa Team Hacker"


I used Google Translate to read the message

The domain was registered in 2014 and there is no detail about the registrant.

Domain Name: Domain ID: 940017-IDL WHOIS Server: Referral URL: Updated Date: 2014-06-02T04:43:00.342Z Creation Date: 2014-05-12T11:54:59.962Z Registry Expiry Date: 2015-05-12T11:55:00.189Z Sponsoring Registrar: Sponsoring Registrar IANA ID: Domain Status: ok

Following the question put by Avinash, the website of was compromised due to an un-patched CMS (Drupal). A vulnerability, among other flaws on the webserver could have allowed the attacker to upload a “webshell”.


Google cached page showing a “webshell” on

A “webshell” is a web-based tool that allows an attacker to launch commands server-side, run scripts, modify/create/delete files etc.