Another .mu website hacked

April 9, 2015

Yet another .mu website has been hacked. A while ago I came across the domain qualitevolaille.mu, which displays a "Hacked By Probiltar" page.



The message is signed by "Khalifa Team Hacker"


I used Google Translate to read the message

The domain was registered in 2014 and there is no detail about the registrant.

Domain Name: qualitevolaille.mu
Domain ID: 940017-IDL
WHOIS Server:
Referral URL:
Updated Date: 2014-06-02T04:43:00.342Z
Creation Date: 2014-05-12T11:54:59.962Z
Registry Expiry Date: 2015-05-12T11:55:00.189Z
Sponsoring Registrar: Register.mu
Sponsoring Registrar IANA ID:
Domain Status: ok

Following the question put by Avinash: the website of qualitevolaille.mu was compromised due to an unpatched CMS (Drupal). A vulnerability, among other flaws on the web server, could have allowed the attacker to upload a “webshell”.


Google cached page showing a “webshell” on qualitevolaille.mu

A “webshell” is a web-based tool that allows an attacker to launch commands server-side, run scripts, and modify, create or delete files, etc.
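
As an added example (not part of the original post), here is a triage scan a site owner could run over a web root to spot an uploaded webshell of the kind described above. It assumes Drupal's default public upload directory `sites/default/files`; the function names are hypothetical and the sample files are constructed, with the PHP deliberately truncated.

```python
import os
import re
import tempfile

SCRIPT_EXT = {".php", ".phtml", ".php5", ".phar"}
# Assumption: Drupal's default public upload directory; adjust for the site.
UPLOAD_DIRS = ("sites/default/files/",)
EXEC_CALL = re.compile(rb"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\(")
USER_INPUT = re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\b")

def scan_webroot(root):
    """Return {relative_path: [reasons]} for script files that look like webshells."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXT:
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            reasons = []
            if rel.startswith(UPLOAD_DIRS):  # uploads should never hold scripts
                reasons.append("script in upload directory")
            with open(full, "rb") as fh:
                data = fh.read(1_000_000)  # first 1 MB is enough for triage
            if EXEC_CALL.search(data) and USER_INPUT.search(data):
                reasons.append("request input and code-execution call in same file")
            if reasons:
                findings[rel] = reasons
    return findings

def demo():
    """Build a constructed web root in a temp directory and scan it."""
    samples = {  # constructed sample files, not taken from the compromised site
        "index.php": b"<?php require 'includes/bootstrap.inc';",
        "sites/default/files/logo.php": b"<?php $c = $_GET['c']; system( /* truncated sample */",
        "sites/default/files/photo.jpg": b"\xff\xd8\xff constructed image bytes",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_webroot(root)

if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, "->", "; ".join(reasons))
```

A hit is a lead for manual review, not proof of compromise: legitimate code can also call these functions, and an obfuscated shell can evade the content check, which is why the location check is reported separately.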