MCCID Website was hacked! And how I fixed it…

website hacked mccid page
Let’s put off my deaf advocacy hat here temporarily and put on my web designing hat in order to give you the technical details of what happened. After arriving from an appointment the whole day last Monday (November 21), I was very much surprised when our Deaf Trainor Sir Jerome approached me and gave me the shocking news that our school’s official website “” was hacked!

As he was demo-teaching Internet subject that morning and used our school’s site as his example, he clicked on a page link. He got stunned when a porno site appeared! His students were also surprised and resorted to teasing him assuming that he is fond of opening these sites. When he clicked on the back button, the home page appears unchanged. Again, when he tried to visit another internal link, same thing happened! That disgusting porn site appeared again and again! He felt so humiliated about it. But when he gave me the bad news, I took it as an emergency case.

I have experienced before having websites I designed being hacked by malicious people who have nothing more to do than take glory in destroying other people’s reputation. The first one was with a website I designed being defaced. The other was the Official Government Website being turned into an Middle Eastern Propaganda site. This is the third one .

I took things calmly and tried to make some sense out of the flimsy belief that WordPress sites are difficult to hack. Well these bastards have done it again! Here are the things I did.

  1. First I tried looking at the codes to see if they actually changed the href tag. They didn’t! WordPress uses php functions to control the links.
  2. Then I tried checking the site’s files/folders using ftp to see if there are suspicious files added. There weren’t.
  3. Probably there is a vulnerability in having an outdated WordPress version (3.1.1) so I updated to 3.2.1. Again, the site still redirects to a porn site.
  4. I tried checking on the Permalinks. On the left menu, I clicked on Permalinks under Settings group. Then I selected the default setting format. It worked! The posts went back to their original content although the permalink was changed. Also, the changes only affected the posts, but not the pages.
  5. So I looked for plugins that changes the Permalink settings by adding .html or .php on URL and not just the common one. I did find two; the .html on Pages and the Improved Page Permalinks. It didn’t work. It didn’t even change the sites in-links.
  6. I also tried the Exploit Scanner plugin to view some weak links. But it also produced negative result. I simply cannot find the culprit.

So my last resort is to do what I similarly did with the government website, I need to re-install WordPress. But I gave myself another crack at it. I noticed that when I used Filezilla to view the file directory, all of the WordPress files dates were modified on November 21, the day I updated the version, except for .htaccess file. My doubts became more apparent when I saw the date created was 11/19/2011, which was just fairly recent. That’s most likely the date the malicious person penetrated my site.

To erase my suspicion, I opened the .htaccess file and bam! The file content was compromised! Instead of 401 code File not Found, the malicious hacker changed it to his own porno site. According to Wikipedia,

A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.

The original purpose of .htaccess – reflected in its name – was to allow per-directory access control, by for example requiring a password to access the content. Nowadays however, the .htaccess files can override many other configuration settings including content type and character set, CGI handlers, etc.

.htaccess file
So this is the one that overridden our school’s website. When I opened the file, the porno site URL appears!

WordPress .htaccess hack codes
The same thing happened to the WordPress .htaccess file. It overridden the file with its own. It even removed the WordPress built-in codes.

Now, how do we solve these problems from cropping up again? The answer is, NONE. So long as there are mischievous, good-for-nothing guys out there whose main goal is to destroy others business, the hacking remains. But you can help minimize the intrusion by doing these simple suggestions:

  • BACK UP, BACK UP, BACK UP OFTEN – WordPress developers have created plugins to automatically backup your database. My favorite is WordPress Database Backup by Austin Matzko. But nothing beats the old ftp back up style which you all web developers are used to. In this case, I simply deleted the .htaccess file and re-copied the back up one.
  • Don’t use .htaccess on your main server folder. Hackers usually look for this file as one of the common way to enter your fortress.
File Attribute in Filezilla
File Attribute in Filezilla
  • Since WordPress makes good use of .htaccess file, make sure that the file attribute is set to 444. This means it can only be read but not written.
  • Always update your WordPress CMS version. Remember that these malicious guys often attack softwares that are popular and has widespread use. Think about Windows OS as against Apple OS. WorPress is now the most used CMS in the world. Hackers often race themselves in how to crack its codes in order to make them feel satisfied in penetrating the top and the best. But I’m pretty sure the WordPress good guys are doing overtime to make our sites safe.

Consider this as a learning experience and a time for you to brush up your web designing skills. I have been pre-occupied lately by activities related to the deaf community so I don’t update my sites as often as I used to. So I took this situation as an opportunity to review my web design lessons. 🙂

Web Accessibility Forum

I know that we have been very busy with our own work. But just to show to you that Philippine Web Accessibility Group has not been idle these past few months, I would like to announce that there will be a Web Accessibility Forum tomorrow, August 2, 2011 from 8:00 am to 12:00nn at the “Occupational Health and Safety Center in North Avenue, Diliman, Quezon City in front of Veterans Golf Club.

This activity is in line with the celebration of “White Cane Safety Week” slated from August 1 – 6. The forum will convene the webmasters/web designers of different government agencies as well as key non-government stakeholders in making their websites accessible to Persons with Disabilities called for in the UN Convention on the Rights of Persons With Disabilities.

Mr. Julius Serrano of ATRIEV will be giving short lectures on access of blind persons on the Internet while I will be giving a brief overview of laws and Philippine circular regarding web accessibility.

This forum is free. You may want to drop in to OHSC if you don’t have conflict with your schedules. See you there! 🙂

Deaf Designed Site won Best Organization Website

Good news to our Filipino deaf web designers! The Official Website of the National Council on Disability Affairs won in the Association/ Organization category of the 4th Digital Filipino Web Awards this year.

This is the first time NCDA site won the award given annually by the Club whose members judge the nominations from the public in over 40 categories. The site was designed by Ervin Reyes, an award winning Deaf web designer together with yours truly under MCCID College of Technology.

The Digital Filipino Web Awards were given last Friday, November 13 at the Hotel Intercontinental in Makati City. It was part of the Digital E-Commerce Summit, which started in Thursday.

From Left: Me, Sir Dandy Victa of NCDA and a representative from Bitstop Network Services who nominated the website

The NCDA site award was received by Mr. Dandy Victa, Assistant Chief of Technical Cooperation Division. Yours truly gave the brief overview of the website. I also focused on the promotion of web accessibility.

Digital Filipino Web Awardees
The websites were reviewed and judged “for their ability to create a noticeable presence on the Internet—their ability to be seen and heard among all the noise and clutter of the Net,” said the award body.

“The Web Awards aims to advocate the use of Internet and e-commerce for business development, through the identification, promotion and highlighting of best e-commerce practices from various websites in the Philippines,” it said.

The criteria for determining the winners were:

• Search engine readiness—title tags, keywords and page strengths.

• Content/organization—clear purpose, target audience clearly defined, citation of sources whenever used, freshness, originality and accuracy of information.

• Structure and navigation—opening page, content connection and transition, writing and conventions, ease of navigation and link usefulness.

• Design and functionality—overall layout, colors, background and text.

• Technical performance—page loading, browser flexibility and live links.

• Interactivity—audience involvement and overall experience

In behalf of the organizers of the Digital Filipino Web Awards, thank you very much for the honor you gave to us. To God be the Glory! 🙂

1st Philippine Web Design Conference a Success

More than 400 attendees, way above the group’s goal, trooped to Asian Institute of Management (AIM) last July 10 to attend the very first Philippine Web Design Conference spearheaded by the newly formed Philippine Web Designers Organization (PWDO).

Panel of speakers
Conference Attendees
Who would have thought that an event as big as this would succeed? Although it was already planned as early as September 2008, it wasn’t until early April when everything starts to roll (thanks to the completion of registration at the Securities and Exchange Commission in March 31.). There were so many kinks to iron out. As late as July 6, the group was still having a problem opening a bank account at BDO due to a mile long requirements which includes the securing of the General Information Sheet (GIS) from SEC. And to top it all, even if more than 300 registered online, only two persons actually paid in cash!

Well, everything went great, way above our expectations! As part of the organizing team, I was aware about the group’s day-to-day developments. The bank account was successfully opened after I got the GIS from SEC. The Asian Institute of Management officials were very generous in giving the group a great venue, good food, free coffee and free wi-fi. The speakers were eloquent and knows their craft. The event started on time but ended quite late due to the Q and A part.

What I am really proud of is the successful holding of the “Disabled Friendly Website Awards” courtesy of the Philippine Web Accessibility Group and the National Council on Disability Affairs. Previous awarding rites were led by the government as part of their program of events. This time, I’m proud to say that it was done in a non-government affair and in front of “real” web designers, not just some government employees who attend government sponsored seminar-workshops with the sole purpose of escaping from work and getting the comforts of free hotels and travel.

I’m also doubly proud that all recipients of the awards were present. They were:

  1. – Official Philippine E-center Community Portal of the National Computer Center represented by Ms. Eloisa San Mateo (Government)
  2. – Personal Website of Ms.Miko Reznor (Anna Monica Esguerra)
  3. – Official Website of Liliane Foundation Philippines represented by Sis. Agnetia Naval, National Coordinator (Non-government Organization)
  4. – Web Standards Website of Regnard Raquedan (Personal Website)

They all received a plaque of appreciation courtesy of the NCDA.

Awardees pose together with NCDA Director Geraldine Ruiz
Awardees (from left): Regnard Raquedan, Eloisa San Mateo, Sis. Agnetia Naval, Anna Monica Esguerra, Jojo Esposa and NCDA Director Geraldine Ruiz.

Regnard, PWDO’s President, on his interview by the Philippine Daily Inquirer said the group envisions third party certification for Web design in the Philippines. They also look to help train designers in developing their skills further and also to establish ethical and best practice guidelines.

He remarked,

“We’d like to make Filipino Web designers more reliable for an international market and make them more innovative.”

To all the awardees, thank you very much for promoting web accessibility in your websites! And to the PWDO group, you know who you are, kudos to all of us for a job well done! Let’s calendar July as the date when web design conference will always be held. 🙂

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to Ma.gnoliaAdd to TechnoratiAdd to FurlAdd to Newsvine

My tribute to the First Philippine Website for the Deaf

MCCID Online 1997 Edition

Yahoo has finally pulled the plug on, the pioneering online free webhosting site. Started in 1994, this unique site makes users select a “city” in which to place their web pages. The “cities” were named after real cities or regions according to their content—for example, computer-related sites were placed in “SiliconValley” and those dealing with entertainment were assigned to “Hollywood”—hence the name of the site.

People visiting the site are now greeted with the simple message, “Sorry, new GeoCities accounts are no longer available.” Existing users can still access their accounts, but Yahoo has begun aggressively pushing them to its premium Web Hosting. Yahoo purchased the site in 1999.

This news may sound trivial especially to those who were new entrants to the Internet age. But for guys like me, this recent development has made me felt sentimental. I first experimented designing sites using the free service of Geocities way back in January 1997. During those times, Netscape was the undisputed browser of choice. I remember, I even made campaign emails and web forum comments against its fierce onslaught by Microsoft. Back then, web designing fads were putting running marquees, blinking gif animations, framesets and heavy Javascripting.

My First Animated Gif Design
My First Gif
One of the first sites that I dabbled was the Official Website of Manila Christian Computer Institute for the Deaf which was then called MCCID Online. I can proudly say that in 1997, we were the first school for the deaf, probably even the first in Asia that went online. The site’s home city was in Athens. That is why its address was ““.

I was pleasantly surprised and wondered why after more than twelve years, the site is still existing. They did not tear it down. The other sites which I created including my personal site were all removed by Geocities except for the one which I designed in 2001 for my family owned former computer school. After careful research, I found out that Yahoo retained those sites which back then, has many valuable outbound links.

Important articles and news items that appear in the MCCID Online website include:

That site has received a few awards including the Deaf Watch Awards and a nomination in the 2nd Philippine Web Awards. It was even used as a credible online resource information pertaining to deaf people and institutions in the Philippines by Deaf Child Worldwide, Asia Disability Japan, Google Directory Asia, Deaf World Ministries (Deaf Culture) and The Interpreter’s Friend. In one occasion, it was even used as a reference by Gallaudet University.

I remember back in 2005, an American-Canadian researcher of SIL International Ms. Hope Hurlbut visited MCCID together with our deaf alumna and a provincemate Ms. Gilda Quintua. She was conducting a survey on sign language used by Filipinos. She wanted to find out the variety of languages used by deaf people in every province. She informed me that she had no idea how to go about the research since she is not familiar with places in the Philippines. It’s a good thing that she was given a printed copy of the directory of organizations in the country which her superiors got from the Internet. At the back of my mind, I knew that the list came from MCCID Online which I was proven right! The printout came from our site. It became very useful for her. You can freely download her “Philippine Signed Languages Survey” on this link.

After 1999, I wasn’t able to update the site because I forgot its login name and password. In 2000, MCCID bought its own domain name and transferred all the contents. However in 2006, the school’s domain became in order to make emphasis on it as an educational institution. The school still retains the old domain ( But it now houses websites designed by our deaf students for free. However, the school’s official website continues to provide and update a more comprehensive directory of deaf organizations, schools and entrepreneurs in the Philippines.

Now, why did I make this blog entry? Simple. I want the site to be remembered before it will be permanently removed by Yahoo from the face of the cyberworld. 🙂

Blog at

Up ↑