<p>
As many of you may know, the OkinawaResource index page was recently vandalized.  We say "vandalized" because capitalizing on a widely published exploit is not hacking.  And, although defacing websites is immature and defunct, at least it motivated us to finally get rid of phpNuke.
</p>
<p>
Some of you may be asking why the "hacker" vandalized this site....  The "hacker" entered "web site engine s code is copyright © 2003 by php-nuke" into Yahoo.com.    The vandal was searching for the exploitable version of the phpNuke Web Site Content Management Software...not our site.  Many of you may not know that the exploit used is extremely simple and common, indeed almost hackneyed.  Futhermore, anyone with a computer can do it.  A simple cut and paste of some borrowed code to add an image and a simple marquee and whalla!  
</p>
<p>
We truly apologize for any distress this may have caused anyone, but we assure you it has not affected the restructuring of the site in the least.  It was, in essence, an immature child with a computer and not much else.  As assurance that this matter has been dealt with fully, we have included the important information and actions taken below for you to review.
</p>
<ol>
<li>First, we removed phpNuke altogether.  Furthermore, we verified, deleted the injected information and secured the SQL db.

<li>Second, we reported the vandal.  (See below.)<br><br> 
<ul>
<li>Raw log entry with the vandal's IP address.<br>
-------<br>
85.99.24.224 - - [23/Jan/2006:05:56:42 -0500] "GET / HTTP/1.1" 200 2934 "http://search.yahoo.com/search?p=Web+site+engine%27s+code+is+Copyright+%C2%A9+2003+by+PHP-Nuke&ei=UTF-8&fl=0&x=wrt" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"<br>
-------<br><br>

<li>The vandal's ISP information.<br>
-------<br>
<strong>inetnum:</strong>         85.99.24.0 - 85.99.31.255<br>
netname:         TurkTelekom<br>
descr:           ADSL-ALC-Kadikoy-Dynamic Pool<br>
country:         tr<br>
admin-c:         TTBA1-RIPE<br>
tech-c:          TTBA1-RIPE<br>
status:          ASSIGNED PA "status:" definitions<br>
mnt-by:          as9121-mnt<br>
source:          RIPE # Filtered<br><br>

<strong>role:</strong>            TT Administrative Contact Role<br>
address:         Turk Telekom<br>
address:         Bilisim Aglari Dairesi<br>
address:         Aydinlikevler<br>
address:         06103 ANKARA<br>
phone:           +90 312 313 1950<br>
fax-no:          +90 312 313 1949<br>
e-mail:          abuse@ttnet.net.tr<br>
admin-c:         BADB3-RIPE<br>
tech-c:          ZA66-RIPE<br>
tech-c:          ZA196-RIPE<br>
tech-c:          LA109-RIPE<br>
tech-c:          NO638-RIPE<br>
nic-hdl:         TTBA1-RIPE<br>
mnt-by:          AS9121-MNT<br>
source:          RIPE # Filtered<br><br>

% Information related to '85.99.0.0/17AS9121'<br>

<strong>route:</strong>           85.99.0.0/17<br>
descr:           TurkTelecom<br>
origin:          AS9121<br>
mnt-by:          AS9121-MNT<br>
--------<br><br>

<li>The letter we wrote to the ISP.  We also included all log entries involving the vandal.<br>
-------<br>
Dear Sir/Madame.<br><br>

On 23 January 2006, OkinawaResource Organization's website was defaced by
one of your customers.  An archive of the defaced page is available at
http://www.zone-h.org/defacements/mirror/id=3268396/.<br><br>

The IP recorded in the raw log is 85.99.24.224.  I have attached a text
file with all of the entries for this IP.<br><br>

Any assistance/corrective action you lend is more than appreciated.<br>
--------</ul></ol>

It is now up to Turk Telecom as to whether they will take action against the vandal.<br><br>
Again, we apologize to those adversely affected.  The upside is that the site was in the process of being restructured and this act has only hastened the work with that.