Web Hosting Talk







View Full Version : WHT Data - Q&A Information


SoftWareRevue
03-24-2009, 03:36 PM
What do we know about the damage done?

This attack was very deliberate, sophisticated and calculated. The attacker was able to circumvent our security measures and access via an arcane backdoor protected by an additional firewall. We are still investigating the situation, but we know the attacker infiltrated and deleted the backups first and then deleted three databases: user/post/thread. We have no record or evidence that private message data was accessed. Absolutely no credit card or PayPal data was exposed.


Do we know the motivation behind the attack?

We don’t know enough at this time, so any insight would be purely speculative in nature. WHT is a platform where positive and negative information is shared and exposed about business and individuals. Under TOS policy, we cannot edit or remove user-generated content at the request of an unsatisfied third party. Therefore, WHT tends to become the target for disgruntled individuals and businesses.


Have we been able to restore more recent back-ups?

The offsite backup, the onsite backup and the operational data were destroyed by the attacker, so we’ve resorted to a physical back-up of last resort. Unfortunately, we are experiencing difficulty restoring from our most recent physical backup. At this point, October is the most recent backup that we were able to restore. We continue to work to extract data from a more recent set of DVDs.


What is WHT focused on doing now?

The first priority, which kicked in immediately upon discovering the hack while in process, was locking down the infrastructure to avoid further damage and restoring the site. We also had to block the potential for a repeat attack. Now we are working on investigating how much prior data is restorable, reinstating premium memberships, contacting business partners, and communicating with the community members. We are also doing everything possible to identify the attacker and bring them to justice. Disappointments happen – we are working hard to restore trust among community members and to bring things back to normal.


Is WHT doing anything different due to this attack?

WHT has been targeted before and our infrastructure has withstood previous attacks. However, following this well-planned and targeted attack, we will be altering aspects of our architecture to ensure that this type of attack does not happen again. Needless to say, we have learned from this situation and will address any discrepancies accordingly.

We had three protected data back-up units with one offsite behind a firewall and a fourth physical data back-up layer. We evaluated our disaster recovery plan as recently as late 2008, and carefully reviewed how to recover from a disaster situation. The attacker appeared to have deliberately targeted our data back-up systems, a scenario that our disaster recovery plan did not fully anticipate. We have implemented changes to our data backup and disaster recovery plans to address this weakness. And we advise others to consider a scenario of deliberate, malicious data destruction in their backup and recovery plans.


What should members do now?

The password encryption technology we use is strong for securing non-financial data. However, we suggest that members change their passwords frequently and do not use the same user name and password for the forum as they may use for more sensitive services like online banking. If a member feels more comfortable changing their password, then we recommend that they do what makes them feel more secure.

A concern is that members may receive more spam because the attacker posted stolen email addresses on file sharing sites. I haven’t personally seen an increase in the amount of spam I usually receive to my email address, but it is a risk that we cannot easily alleviate. As we become aware of specific file sharing sites with these email addresses, we are requesting that the emails be removed promptly. So far, most have been quick to comply.

What if I can’t use my WHT account?

We are temporarily using a version of the database from October 2008. This means that if you joined WHT after October 2008, you’ll need to register again to post now. We may still be able to recover your account, but we don’t know yet. Please register with the same username you used before.

If you joined WHT before October 2008 and get a password error, the system is probably asking for the password you were using in October 2008. If you don’t remember your previous password and have access to the email address for your WHT account in October 2008, please use the password recovery tool.

For help accessing your account, please open a helpdesk ticket (http://www.webhostingtalk.com/helpdesk/).

If you’ve subscribed to a Premium or Corporate membership prior to October 2008, someone from iNET has contacted you by now. If you’ve subscribed (or re-subscribed) since October 2008 and haven’t heard from iNET, please contact us on the helpdesk (http://www.webhostingtalk.com/helpdesk/).

Moving forward ...

We take the protection of user-contributed data very seriously, and we strongly regret what happened. iNET has a sophisticated infrastructure with advanced security. Yet even institutions that spend millions of dollars a year on Internet security are exploited. Anyone recall NASA being hacked some years back?

It’s not what you’ve done, it’s what you do. And from this day forward, we continue.

We’ve been overwhelmed by all the offers of help and support we’ve received from our members. What can I say about that beyond my heartfelt thanks? I love this community!

tickedon
03-24-2009, 03:42 PM
Great to see these questions all answered in one place.

Here's hoping the data can be recovered.

hyperspin
03-24-2009, 04:10 PM
Google cache or archive.org could be used to restore the missing part of WHT if all attempts fail.

Cape Dave
03-24-2009, 04:22 PM
Just when you think you have all the technology in place for security, along comes "social engineering". So, with that in mind, there is no such thing as 100% secure. We live, and we learn. I hope to someday have a site as popular and valuable as this one so I can set out to make it 100% secure. That is always the goal. Dave

CodyRo
03-24-2009, 04:29 PM
So was this purely an exploit / software based intrusion or was there social engineering or the sorts involved?

SoftWareRevue
03-24-2009, 04:32 PM
Not advanced enough, clearly. We know what happened was regrettable or whatever, but trying to say WHT was secure is treating us as fools.
I won't have any trolling in this thread. If you want to simply complain and state that a seemingly secure network cannot be vulnerable to a determined thief, go somewhere else. I'm pretty sure we all get it.

datapimp
03-24-2009, 04:51 PM
Once the monkeys get into your tree it's difficult to shake them out permanently. You can bet that it was the same person or persons who got in last year, if not them, someone who worked with them or used their information for the second (?), more comprehensive strike.

But to lay blame at the feet of the company that manages this monster is pointless. No one is prepared for every eventuality. No one. Back in the day they used to say the only way to really protect a networked server is to remove it from the network. And not much has changed since then.

You don't have to trust these guys. It's a forum, last time I checked, participation was voluntary. If your trust has been shattered and the foundations of your very existence rocked by this tragedy, then go someplace safe and warm and forget about this beehive. I don't think anyone was cast into a pit of financial ruin or driven to the brink of suicide by this episode. In the grand scheme of things, what's the worst possible outcome? People lose some posts? Your premium membership is unavailable for a few days? Oh my, how will we ever survive?

With everything collapsing and crumbling around the world (hello Iceland!) bitching about this just makes you look like someone with way too much time on their hands. Take a deep breath, pull your socks up, get over it.

The Prohacker
03-24-2009, 04:51 PM
So was this purely an exploit / software based intrusion or was there social engineering or the sorts involved?

There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.

Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.

yajur
03-24-2009, 04:52 PM
This is a hard time for WHT. Now we have to help the community admins to overcome the hard time.

Doh004
03-24-2009, 05:02 PM
Was wondering why my old thread had gone MIA.

Looks like you guys are doing everything you can to prevent something like this from happening again, as well as trying to recover as much information as possible.

Crucialp
03-24-2009, 05:18 PM
Hi Everyone,

To the team working on restoring the site I just want to say good work so far and don't forget to get some rest :)

neXeon
03-24-2009, 05:23 PM
iNet is trying their best to help rectify the issues at hand, complaining about it will not help this situation at all.

Thank you for the brief Q/A as I'm sure many visitors will find this helpful.

CodyRo
03-24-2009, 05:26 PM
There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.

Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.

That's exactly why I was curious about social engineering (or "inside job" but that's a bit too conspiracy like for me ;)) - just seemed like for the perfect storm to happen it had to be a mix of things.

Thanks for the information :)

unity100
03-24-2009, 05:45 PM
I'm sure there are numerous people in this community who would be able to easily hand the attacker's ass over to him/her/them if any trackable info about the attacker is released to public.

It's stupid to attack internet communities. No one would care about hacking of FBI, CIA, NASA sites, some even may approve. But attacking community sites is rather dangerous. I wouldn't do that.

Steve_Arm
03-24-2009, 05:48 PM
May I ask as per thread title,
is there any chance that there are any traces left from the attackers?

Cape Dave
03-24-2009, 05:57 PM
I'm sure there are numerous people in this community who would be able to easily hand the attacker's ass over to him/her/them if any trackable info about the attacker is released to public.

It's stupid to attack internet communities. No one would care about hacking of FBI, CIA, NASA sites, some even may approve. But attacking community sites is rather dangerous. I wouldn't do that.

Amen.

I learned how much I depend on and ENJOY this Forum and I am just the most humble beginner hoster. Passion, hobby, hopefully someday a business :)

I will be upgrading to Premium soon. A. To learn as much as possible. B. To show my support.

SoftWareRevue
03-24-2009, 06:17 PM
May I ask as per thread title,
is there any chance that there are any traces left from the attackers?
We haven't completed a total audit yet. But we're closer to him than he wishes. ;)

SenseiSteve
03-24-2009, 06:22 PM
We haven't completed a total audit yet. But we're closer to him than he wishes. ;)
Well, I certainly wish you God Speed.

- Steve

catfished
03-24-2009, 06:32 PM
Thanks for starting this thread and clearing up some of the issues :pray:.

hostpc.com
03-24-2009, 06:41 PM
SWR ... your tenacity and diligent approach to this is to be commended. Thanks also for your twitter updates through the ordeal.

Good luck tracking the bastards down. Let's move forward and make sure this doesn't happen again. If all the arm chair quarterbacks would stop looking behind them and instead look forward to how to improve things (maybe take into account their own security/backup measures) we can once again become a productive community.

Joe

Tristan Perry
03-24-2009, 06:49 PM
Out of interest, the "Recent WHT down time" thread recently moved onto encryption and Harzem showed that simply having the password hash and salt cannot actually be a security flaw.

Hence I'm wondering how the hacker was able to log in to someone else's account and post on it, considering that there's apparently no way to log in to an account just by knowing the hash?

Were some of the vBulletin software files therefore hacked and changed too?

darkeden
03-24-2009, 06:49 PM
I just made a database, deleted it and got it back with system restore, just with the post count corrupted, for an old forum db. Too bad WHT can't do this.


And one question: the hacker had to hack the forum before the backup servers, right? How would the hacker know the backup servers' IP or any information, as I don't think it's mentioned anywhere?

spamislame
03-24-2009, 07:25 PM
Hello.

I just joined after reading this thread.

Someone must have been adversely affected by the research you guys did.

This indicates you have a habit of being on the right track.

I don't know how I can assist but in light of the fact that my own forum was also attacked just over a month ago, I'm happy to help out.

Keep up the good work.

SiL / IKS / concerned citizen

IGXHost
03-24-2009, 07:30 PM
Thanks for the update and the information in one post.

I have remade an account, unfortunately I was registered on WHT in January 2009.

Hopefully my account along with many others will be restored soon.

GCM
03-24-2009, 07:33 PM
IMO, no offense it sorta sounds like an inside job. I think this because I don't think anyone would know the details for the iNet backups and such unless they've dealt or worked for iNet past and or present.

HostXV
03-24-2009, 07:36 PM
I won't have any trolling in this thread. If you want to simply complain and state that a seemingly secure network cannot be vulnerable to a determined thief, go somewhere else. I'm pretty sure we all get it.

Agreed. Things like this happen and we should move on now. We all know that you guys are doing the best you can, so it's best for us to be patient and to continue our contributions as normal.

Thanks for the Q&A's.

sotet
03-24-2009, 07:48 PM
I hope you guys can recover, really sorry to hear this. I haven't posted in a while, but I know this is a very highly valued forum.

Jonathan J
03-24-2009, 07:50 PM
We haven't completed a total audit yet. But we're closer to him than he wishes. ;)

So we know the person is a he. :stickout:

Thanks for creating this thread, much easier than reading that 20+ page long thread. :)

All the best on the recovery plan!

cedricd
03-24-2009, 08:28 PM
Thanks for the update and good luck with recovery!

SoftWareRevue
03-24-2009, 08:36 PM
... and one question. the hacker had to hack the forum before the backup servers right? how would the hacker know the backup servers ip or any information as I don't think its mentioned anywhere.
No. The backup servers were wiped first. As for how he found them ... unknown at this point.

SoftWareRevue
03-24-2009, 08:37 PM
... Hopefully my account along with many others will be restored soon.
I hear ya. And I'm hoping the same thing.

SoftWareRevue
03-24-2009, 08:40 PM
So we know the person is a he...
Whoops. :blush:

If I can think of any information we can post that would help anyone recognize him, we'll post it. Maybe together we can ferret him out. :wht:

Sean M
03-24-2009, 09:54 PM
Good luck on this, I think the best solution right now as community members would just be to keep posting and keep the forum alive as there is nothing we can do personally on our parts and of course bashing iNet will result in no gain.

Good luck on the restore.

CArmstrong
03-24-2009, 10:06 PM
...I think the best solution right now as community members would just be to keep posting and keep the forum alive...
Sounds good to me. :wht:

hostpc.com
03-24-2009, 10:07 PM
Sounds good to me. :wht:

Ya, what he said.

Stop looking back - look toward our future here.

Softsys Hosting
03-24-2009, 10:32 PM
I am not sure if someone else speculated but I suspect this attack should have a hand from someone close to inet or server management team. This is because most of the time it is not revealed to anyone but a few people where the offsite backups are being placed. Looking at the way that attacker planned his attack, I suspect this _can_ be the case and should be considered by the concerned team.

In any case, we have been with WHT since long and we do understand that such things happen in spite of having a good amount of security measures in place. Good luck with getting the backups restored.

- Rick

Sean M
03-24-2009, 10:55 PM
I am not sure if someone else speculated but I suspect this attack should have a hand from someone close to inet or server management team. This is because most of the time it is not revealed to anyone but a few people where the offsite backups are being placed. Looking at the way that attacker planned his attack, I suspect this _can_ be the case and should be considered by the concerned team.

In any case, we have been with WHT since long and we do understand that such things happen in spite of having a good amount of security measures in place. Good luck with getting the backups restored.

- Rick

I am guessing that inet has good background on all of its employees and would not trust someone with the knowledge of this information if they did not trust them and know they would never do anything to harm WHT.

RossH
03-24-2009, 11:22 PM
No. The backup servers were wiped first. As for how he found them ... unknown at this point.

Maybe he'll post a tutorial in the how-to forum? :-P

iansltx
03-24-2009, 11:30 PM
Once the bad guy gets nabbed and/or the databases are restored, I'm back with a vengeance. However at the moment I'm a bit skittish about the whole thing...this should be my 250+th post, not my 3rd. A lot of information was lost :( Too bad about the physical backups being hard to restore. I'm hoping you guys checked on restoring those in a test environment after you made them?

Medhat
03-24-2009, 11:33 PM
If you restored a more recent backup of the posts, threads and users database will the data added after the attack be lost?
Or you will combine both databases somehow?

SoftWareRevue
03-24-2009, 11:42 PM
Maybe he'll post a tutorial in the how-to forum? :-P
Just because we don't know all the details right now, doesn't mean we'll never know. ;)

SoftWareRevue
03-24-2009, 11:44 PM
If you restored a more recent backup of the posts, threads and users database will the data added after the attack be lost?
Or you will combine both databases somehow?
I'm pulling for, if we get a backup from last week, we'll be able to keep the posts from this week as well.

Cape Dave
03-24-2009, 11:44 PM
It is like the show 24 all over again :) Go Jack, Go!

Aussie Bob
03-24-2009, 11:46 PM
I'm pulling for, if we get a backup from last week, we'll be able to keep the posts from this week as well.
What are the chances of restoring to last week's backup?

DME-Geoff
03-25-2009, 12:17 AM
Yet even institutions that spend millions of dollars a year on Internet security are exploited. Anyone recall NASA being hacked some years back?


Yes indeed, I was about 15 when that happened and used to hang out on IRC/DALnet in the same script kiddie channel as the guy (skrilla) who got caught for the attack, the guy had a private rootkit/exploits and had quite a root list, a lot more than just nasa.

They got busted by going on IRC (newnet) and flaunting nasa.gov (and other) hosts :/

Good luck recovering the backups, I wish you the best!

KMyers
03-25-2009, 02:17 AM
I am sorry for this attack, some people can be #$%@. It is immature to say the least

JFSG
03-25-2009, 03:13 AM
Do we know the motivation behind the attack?

We don’t know enough at this time, so any insight would be purely speculative in nature. WHT is a platform where positive and negative information is shared and exposed about business and individuals. Under TOS policy, we cannot edit or remove user-generated content at the request of an unsatisfied third party. Therefore, WHT tends to become the target for disgruntled individuals and businesses.
If I were iNET, I would have hired multiple experienced & excellent engineers to check on every single possible lead, as fast as possible.

Since WHT may be targeted by unhappy people, why not start searching from businesses who have many negative reviews and are very unhappy about it, always trying ways for them to be removed? That goes for users too.

There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.

Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.
You may be involved in the hacking! You are "The Prohacker"! Just kidding! :stickout:

If that's the case, there is a chance that it is an insider job. However, judging from the case here, I will highly doubt that it is an insider job, as it seems to be planned well. Most likely the hacker is anticipating iNET to check on their staff to see if it is an insider job, and after a long time, things may be harder to track and investigate, and the hacker can "escape".

----------------------------------------------------------------------------------

These are just my $0.02.

Orien
03-25-2009, 03:26 AM
If I were iNET, I would have hired multiple experienced & excellent engineers to check on every single possible lead, as fast as possible.

Since WHT may be targeted by unhappy people, why not start searching from businesses who have many negative reviews and are very unhappy about it, always trying ways for them to be removed? That goes for users too.


I think it's safe to presume that iNet and WHT are doing everything possible right now to resolve this current issue and uncover leads toward the culprit and how this all went down.

JFSG
03-25-2009, 03:42 AM
I think it's safe to presume that iNet and WHT are doing everything possible right now to resolve this current issue and uncover leads toward the culprit and how this all went down.
Well, they must be trying to track down the culprit, but those are just my suggestions on how, and the possibilities etc. I just love doing something a detective does! (although it's not my job and I have not ever planned to be one) :D

michaelpoulsen
03-25-2009, 04:15 AM
Of course there is the nagging question, how did they find our backup cluster!

Working with high-end corporate security for many years in the white-hat field, the answer seems obvious (when you followed the official information posted here on WHT).

One of the few persons who knew about the backup cluster was probably hacked/compromised initially. A well crafted email sent to the staff member possibly with the help of a malicious website is more than enough. Possibly even a stolen laptop without/with weak HDD encryption.

I'd issue them entirely new laptops for the time of the investigation. Prohibit them from accessing their past emails, confiscate the old laptops with the intent to do forensics on them. Although probably not deliberate on the part of the few staff members, the leak is highly likely to be found with one of them.

It's usually easy enough for a good hacker to get this kind of information. With the "right" level of determination and savviness - alternatively with enough money to "buy" the savviness - it's almost impossible to prevent in reality... That's when the physical backups become priceless.

HNLV
03-25-2009, 04:21 AM
There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.

Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.
I don't think it's an inside job but a very smart way to attack because it is rather odd someone would attack the backup servers first and if it's really as hard as you say it is to find your off-site backup servers, I can tell this has been in the works for a very long time. They (hackers) were probably INSIDE your systems and just sitting there quietly monitoring all your systems...see how backups are being made, how often, among other actions that you guys perform.

They also probably noticed you guys were quick with backup restorations when maybe you accidentally deleted a table or something while doing routine maintenance? That is probably how they found out where your off-site backup servers were. So they first attacked the backup because seriously, who notices an old archived backup is gone when the site is up and running fine, correct? So after they made sure there would be no way to recover from backups, they deleted the actual live database.

So after the site went down and you guys went scrambling to restore....poof...no backups.

Of course, all this is just a theory. If they were able to remain stealthy for such a long time to monitor what's going on in your systems, I would think they were very good at covering their tracks as well. I hate to say it but they were smart, but I wish the best of luck to iNet to find the hackers.
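
One way to notice the sequence this post describes, backups removed while the live site still looks healthy, which is also the scenario the opening post advises planning for. This is an added Python example, not WHT's or iNET's code; it assumes a manifest written at backup time and kept on a separate system, and the file names, retention and gap values are constructed.

```python
import hashlib
import os
import tempfile

DAY = 86400


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large dumps do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def record_backup(manifest, path, created):
    """Note a finished backup in a manifest that is kept off the backup host."""
    manifest.append({"name": os.path.basename(path), "created": created,
                     "size": os.path.getsize(path), "sha256": sha256_file(path)})


def audit_backups(manifest, backup_dir, now, retention, max_gap):
    """Compare what should exist with what does; return a list of alerts."""
    alerts = []
    for entry in manifest:
        if now - entry["created"] > retention:
            continue                  # old enough for rotation to have removed it
        path = os.path.join(backup_dir, entry["name"])
        if not os.path.isfile(path):
            alerts.append(("MISSING", entry["name"]))
        elif os.path.getsize(path) != entry["size"]:
            alerts.append(("SIZE_CHANGED", entry["name"]))
        elif sha256_file(path) != entry["sha256"]:
            alerts.append(("CONTENT_CHANGED", entry["name"]))
    newest = max((e["created"] for e in manifest), default=None)
    if newest is None or now - newest > max_gap:
        alerts.append(("STALE", "no backup recorded within max_gap"))
    return alerts


def demo():
    """Constructed scenario: four dumps, then rotation plus tampering."""
    now = 1_700_000_000                             # fixed, constructed clock
    with tempfile.TemporaryDirectory() as store:
        manifest = []
        for age_days in (40, 2, 1, 0):
            path = os.path.join(store, f"forum-{age_days}d.sql.gz")
            with open(path, "wb") as fh:
                fh.write(f"constructed dump {age_days}".encode() * 64)
            record_backup(manifest, path, now - age_days * DAY)
        before = audit_backups(manifest, store, now, 30 * DAY, 2 * DAY)

        os.remove(os.path.join(store, "forum-40d.sql.gz"))   # normal rotation
        os.remove(os.path.join(store, "forum-2d.sql.gz"))    # deleted early
        open(os.path.join(store, "forum-1d.sql.gz"), "wb").close()  # truncated
        newest = os.path.join(store, "forum-0d.sql.gz")
        size = os.path.getsize(newest)
        with open(newest, "wb") as fh:                       # same size, new bytes
            fh.write(b"\0" * size)
        after = audit_backups(manifest, store, now, 30 * DAY, 2 * DAY)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The audit only helps if it runs from a machine other than the ones holding the backups, so that removing the backups does not also remove the record of what should be there.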

anon-e-mouse
03-25-2009, 04:59 AM
Well, they must be trying to track down the culprit, but those are just my suggestions on how, and the possibilities etc. I just love doing something a detective does! (although it's not my job and I have not ever planned to be one) :D
There is plenty of detective work going on already.

JFSG
03-25-2009, 05:04 AM
There is plenty of detective work going on already.
Good luck in it then.

ASVJSC
03-25-2009, 05:34 AM
I'm so sorry about what happened with WHT, but I think Administrator subjectived about backup database. I think you should rsync database to a local server in your company daily. That's better.
Anyway, I wish WHT still grow up ;) I learned in WHT many things

unity100
03-25-2009, 05:56 AM
I am not sure if someone else speculated but I suspect this attack should have a hand from someone close to inet or server management team. This is because most of the time it is not revealed to anyone but a few people where the offsite backups are being placed.

That's not a necessity.

If there is any software installed within a server to connect to an outside server to place the backup there, that software probably will be using a hashed key or login info that can be found locally to connect to the remote server.

If the remote server is accessing the server to be backed up with the target server's own login data or access hash, and then receives the backup, then that's more secure, for the login/access info on the backup server doesn't get into play at any point.
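
The push-versus-pull distinction in this post, as an added Python example (not from the thread, and not iNET's tooling): it reads a host's user crontab and reports which remote hosts the machine holds rsync/scp credentials for, and in which direction the data moves. The crontab contents, host addresses, user names and key paths are constructed, and the function names are this example's own.

```python
import os
import re
import shlex

# [user@]host:path as rsync/scp write a remote. The host part cannot contain
# "/", so a local path such as /var/a:b is not mistaken for one.
REMOTE = re.compile(r"^(?:(?P<user>[^@/:\s]+)@)?(?P<host>[A-Za-z0-9_.-]+):")
TOOLS = {"rsync", "scp"}
SHELL_PUNCT = set("();<>|&")

def cron_command(line):
    """Command part of a user-crontab line; None for comments and env lines."""
    parts = line.strip().split(None, 5)            # five time fields + command
    if len(parts) == 6 and re.fullmatch(r"[\d*/,-]+", parts[0]):
        return parts[5]
    return None

def command_segments(command):
    """Split a shell command at |, &&, ; and redirections into argument lists."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    lex.commenters = ""
    segment = []
    for tok in lex:
        if tok and set(tok) <= SHELL_PUNCT:
            if tok[0] in "<>" and segment and segment[-1].isdigit():
                segment.pop()                      # the "2" of "2>&1"
            yield segment
            segment = []
        else:
            segment.append(tok)
    yield segment

def ssh_identity(args):
    """Key file given with -i in an ssh or scp argument list, if any."""
    for i, arg in enumerate(args[:-1]):
        if arg == "-i":
            return args[i + 1]
    return None

def classify_transfer(tool, args):
    """Direction, remote end and key file of one rsync/scp call, or None."""
    key = ssh_identity(args) if tool == "scp" else None
    positional, skip = [], False
    for i, arg in enumerate(args):
        if skip:
            skip = False
        elif tool == "rsync" and arg in ("-e", "--rsh") and i + 1 < len(args):
            key, skip = ssh_identity(shlex.split(args[i + 1])), True
        elif tool == "scp" and arg == "-i":
            skip = True
        elif not arg.startswith("-"):
            positional.append(arg)
    if len(positional) < 2:
        return None
    push = REMOTE.match(positional[-1])            # last argument is the target
    pull = next(filter(None, map(REMOTE.match, positional[:-1])), None)
    remote = push or pull
    if remote is None:
        return None                                # purely local copy
    return {"tool": tool, "direction": "push" if push else "pull",
            "user": remote.group("user"), "host": remote.group("host"),
            "key": key}

def stored_remote_access(crontab_text):
    """Remote hosts this machine's cron jobs hold transfer credentials for."""
    findings = []
    for lineno, line in enumerate(crontab_text.splitlines(), 1):
        command = cron_command(line)
        if command is None:
            continue
        try:
            for seg in command_segments(command):
                for i, tok in enumerate(seg):
                    tool = os.path.basename(tok)
                    if tool in TOOLS:
                        hit = classify_transfer(tool, seg[i + 1:])
                        if hit:
                            findings.append(dict(hit, line=lineno))
                        break
        except ValueError:                         # unbalanced quotes: skip line
            continue
    return findings

# Constructed sample crontabs (hosts, users and key paths are made up).
PRODUCTION_PUSH = '''\
MAILTO=ops@example.net
15 2 * * * mysqldump --all-databases | gzip > /var/backups/forum.sql.gz
45 2 * * * rsync -az --delete -e "ssh -i /root/.ssh/backup_push" /var/backups/ backup@203.0.113.10:/srv/forum/ >/dev/null 2>&1
'''
PRODUCTION_PULL = '''\
15 2 * * * mysqldump --all-databases | gzip > /var/backups/forum.sql.gz
'''
BACKUP_HOST_PULL = '''\
45 2 * * * rsync -az -e "ssh -i /root/.ssh/pull_ro" dump@198.51.100.7:/var/backups/ /srv/forum/daily/
'''
```

With the push crontab, the production host stores a key that writes to the backup host; with the pull design the production crontab yields no finding, and the only stored credential sits on the backup host and points back at production.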

mdrussell
03-25-2009, 06:23 AM
Whoops. :blush:

If I can think of any information we can post that would help anyone recognize him, we'll post it. Maybe together we can ferret him out. :wht:

Would it not be wiser to share this information with the authorities, assuming this person is in a place that could be easily prosecuted?

Tristan Perry
03-25-2009, 06:24 AM
Would it not be wiser to share this information with the authorities, assuming this person is in a place that could be easily prosecuted?
They need to know who he is first, which is what I think SWR is hinting at ;)

I.e. with help of WHT members, find who he is and then report him to the authorities.

Codebird
03-25-2009, 06:36 AM
Sounds good to me. :wht:

well as you see we're posting :D

Good luck guys

tinkertim
03-25-2009, 07:30 AM
Someone did this for profit, personal esteem or both. If it was just for the sake of doing it, its likely the culprit is now bragging. Given the size of the WHT community, bragging may just root them out.

There's also the possibility that some jerk was sifting through what his botnet sent him, saw something interesting (from a staff member's shared home PC also used for work, perhaps?), investigated then exploited it. So, it may not have been as targeted as many think, just opportunistic.

I can't stress the importance of bare metal backups, at least weekly, stored off line. Glad to see private messages seem to be untouched, good luck in getting this mess sorted out.

111host
03-25-2009, 07:56 AM
Well, I shall have to register a new ID :(

tinkertim
03-25-2009, 08:01 AM
Is anyone else getting a ton of new spam from a company claiming to be Point Focus LLC? It's the 6th one today. Prior to this event, I got maybe 6 per month.

SoftWareRevue
03-25-2009, 08:11 AM
What are the chances of restoring to last week's backup?
I don't know. Chances? I'd say they're still in the 50/50 range.

sash
03-25-2009, 08:15 AM
Would it not be wiser to share this information with the authorities, assuming this person is in a place that could be easily prosecuted?

Agreed, no matter what the aim / motivation / reasoning / modus operandi / identity of this scum might have been.

Pass it through to the authorities. Scum is scum and should be treated as a scum.

sash

PS -- By the way, I've found (via external links in Webmaster tools) my last post here -- which is gone from WHT -- on some blog. Could it be related? It appeared there very recently.

anon-e-mouse
03-25-2009, 08:47 AM
How recently sash?

Mike - Limestone
03-25-2009, 08:50 AM
I apologize if this has been asked elsewhere in the thread, but:

How did the hackers destroy the off-site backup?

I am assuming they executed a command to remotely delete it...? Did the off-site backup provider not backup their servers?

-mike

sash
03-25-2009, 08:54 AM
Since WHT may be targeted by unhappy people, why not start searching from businesses who have many negative reviews and are very unhappy about it, always trying ways for them to be removed?

Also a good point, I was thinking about that too. Which companies have received last months the bulk of negative reviews? There were not that much of them. I bet for some of them getting rid of all the negative info at once was worth taking risk and paying a hacker. How else can one explain destroying of the backups? I guess, you don't have to destroy them if you're trying to steal the cc info or any other sensitive data.

sash

Sean M
03-25-2009, 08:55 AM
Good luck in finding him, also like mike said did the off-site have backups of its backups?

sash
03-25-2009, 09:00 AM
How recently sash?

I've noticed this today -- and I'm checking WMT every single day.

This post contains a link to one of my pages, so that's how I found that (I was looking for advice about a copyright issue with Google placing my book on its Book Search program without my permission).

sash

sash
03-25-2009, 09:21 AM
How recently sash?

Sorry, could not edit my previous post.

This blog is definitely a ripoff of the WHT (with recent and old posts), I was able to track a few of my own topics. Should I PM you the URL?

sash

Mike - Limestone
03-25-2009, 09:24 AM
Sorry, could not edit my previous post.

This blog is definitely a ripoff of the WHT (with recent and old posts), I was able to track a few of my own topics. Should I PM you the URL?

sash

*kind of wants the URL, too* :D

-mike

sash
03-25-2009, 09:29 AM
*kind of wants the URL, too* :D

-mike

Hi Mike,

It's been PMed...

sash

Mike - Limestone
03-25-2009, 09:30 AM
Hi Mike,

It's been PMed...

sash

I was half-joking. =P

But interesting... The site kind of looks like a WHT rip-off that is perhaps using a RSS feed from WHT?

-mike

HNLV
03-25-2009, 09:44 AM
How did the hackers destroy the off-site backup?

# rm -rf *

:P

But if you are asking how they got INTO the off-site backup server to destroy the data, well, all of us are still speculating as to what *might* have happened.

Outlaw Web Master
03-25-2009, 09:45 AM
I'm a big believer in picking myself up, dusting myself down and quickly moving on after bad events, because there's no point pondering, wondering etc.

I've every confidence that those in charge of WHT will get to the bottom of it all. A lot of it will come out in the wash too.

I am also confident that someone like ProHacker certainly isn't going to take this lying down.

What exactly happened and how he/she/they got in will only lead to speculation and conspiracy theories, so I'm happy enough not to be adding to what must be a mind bending task of rooting out the person(s) responsible.

Nevertheless, whoever it was will most likely brag about it to 1 too many people and they'll make enough rope to hang themselves....
that's just sod's law in action.

Either way, I can't see it having a bad effect on members who use WHT.

Right now, the team need our support and for sure they'll always have mines 100%.

p.s....they couldn't have been that good...all my infractions are still there. :)

owm

ScottJ
03-25-2009, 10:22 AM
# rm -rf *



If that is all that was done, they could easily recover the backup using something such as http://www.cgsecurity.org/wiki/TestDisk_Download


Was anything like that tried yet? I have used that software in the past and was able to recover deleted files without issue.

Aussie Bob
03-25-2009, 11:34 AM
. . . p.s....they couldn't have been that good...all my infractions are still there. :)
They have a whole other server for your infractions, and luckily that server wasn't touched. :D

unity100
03-25-2009, 01:04 PM
Also a good point, I was thinking about that too. Which companies have received the bulk of negative reviews in the last months? There were not that many of them. I bet for some of them getting rid of all the negative info at once was worth taking the risk and paying a hacker. How else can one explain the destroying of the backups? I guess, you don't have to destroy them if you're trying to steal the cc info or any other sensitive data.

sash

yes that's a strong possibility.

a credit card/personal info grabbing attacker prefers to leave little trace behind. so that no one will change their info. go in, go out.

first deleted was backups. that means someone is trying to remove info from this database.

Steve_Arm
03-25-2009, 01:22 PM
I am not sure if the companies that got the bad reviews can afford a hacker when
their pricing scheme starts from $5 per month, unless it's a big provider.



yes that's a strong possibility.

a credit card/personal info grabbing attacker prefers to leave little trace behind. so that no one will change their info. go in, go out.

first deleted was backups. that means someone is trying to remove info from this database.

Exoware
03-25-2009, 02:08 PM
Can somebody *please* correct my user title asap? I haven't had a response from the help desk yet.

Steve_Arm
03-25-2009, 02:10 PM
Be patient. They are very busy with such requests, they will get to you.

Can somebody *please* correct my user title asap? I haven't had a response from the help desk yet.

sash
03-25-2009, 02:22 PM
I am not sure if the companies that got the bad reviews can afford a hacker when their pricing scheme starts from $5 per month, unless it's a big provider.

There were a few big ones amongst them. Anyway, what's worse in these times: massive chunk of negative information available all over the net, possibly costing such a company quite a few customers, or one-time payment to destroy this information?

sash

Tristan Perry
03-25-2009, 02:58 PM
There were a few big ones amongst them. Anyway, what's worse in these times: massive chunk of negative information available all over the net, possibly costing such a company quite a few customers, or one-time payment to destroy this information?

sash
Possibly.

Or maybe it was a talented hacker who just wanted to cause some chaos, and couldn't on other sites he tried so tried here? (Or he 'scanned' for vulnerabilities and picked accordingly, etc?)

mistervb
03-25-2009, 02:58 PM
I lost 15 posts, I am too angry, I hate hackers.

JohnJ
03-25-2009, 03:05 PM
I lost 15 posts, I am too angry, I hate hackers.

And I lost over a thousand posts... nothing we can do about it, just move on.

berry05
03-25-2009, 03:12 PM
Amen.

I learned how much I depend on and ENJOY this Forum and I am just the most humble beginner hoster. Passion, hobby, hopefully someday a business :)

I will be upgrading to Premium soon. A. To learn as much as possible. B. To show my support.

same here...I learn a lot with this forum!!
I will soon hopefully be premium also! ;)

Codebird
03-25-2009, 03:13 PM
well don't know if somebody said that before...

But what is weird is the threads count, ie. Programming Discussion there are 17,579 when you are on the main page whereas when u enter the forum you can see 9-10 threads or whatever... Where is the 17579 coming from?!?!

Tristan Perry
03-25-2009, 03:17 PM
well don't know if somebody said that before...

But what is weird is the threads count, ie. Programming Discussion there are 17,579 when you are on the main page whereas when u enter the forum you can see 9-10 posts or whatever... Where is the 17579 coming from?!?!
The figure 17,579 is stored in a part of the database that wasn't removed.

Hence the actual *posts* you can see are only 9-10, however there used to be 17,579 (but then the actual content got deleted and so haven't shown up).

mistervb
03-25-2009, 03:20 PM
Is it possible to recover the DB with a file recovery?

RandyE
03-25-2009, 03:26 PM
I used to investigate federal felonies, so if I can be of any help let me know :)

I lost my whole account, started about a week after this database.

I had a ticket in to change my name for like 2 months, so I just registered with the name I wanted :) I used to be lonestar86 lol.

I can think of a recent angry host about having a negative review. Sameerhosting? Remember the DDOS attacks?

mistervb
03-25-2009, 03:29 PM
I have DDoS attacks on my site, I hate DDoS attacks and hackers.

SaaSMX
03-25-2009, 03:39 PM
This is a shame. I really hope the data can be recovered.

Tons of very useful information for a huge hungry community is like burning down a library. A real treasure.

I hope there would be more we can do, but moral support.

Shine on WHT !

JRSEOMarketing
03-25-2009, 03:53 PM
I haven't been on the forum in a few days, so I was a bit lost when I tried to login. I recently changed my username to AllFloydian after October, so was a bit confused on why I couldn't login.

It truly sucks what happened, and I'm sure WHT will do the best it can to stabilize all this mess. I have a ton of confidence in Dennis and the gang, and I'm sure they'll do the best they possibly can.

It's still a very good community, with a lot of free resources... what else can you ask for?

RS Shamil
03-25-2009, 04:13 PM
http://my56chevy.liquinoxhosting.com/

That was the site which had a lot of WHT posts on.

This was the thread asking for it to be taken down:

http://74.125.77.132/search?q=cache:npdDByxle8gJ:www.webhostingtalk.com/showthread.php%3Fp%3D5617378+liquinoxhosting&cd=8&hl=en&ct=clnk&gl=uk

mistervb
03-25-2009, 04:18 PM
Google has saved all the data, is it possible to recover it from Google cache?

RS Shamil
03-25-2009, 04:22 PM
Google has saved all the data, is it possible to recover it from Google cache?

I was thinking that, but, then, it would be a very long and painful process. Since vB's tabling methods aren't the best that I've seen.

mistervb
03-25-2009, 04:25 PM
WHT admins can do a bot to do this job, but it isn't easy.

RS Shamil
03-25-2009, 04:28 PM
Hmmm, pondering... I suppose it could be plausible.

Christian
03-25-2009, 04:37 PM
I used to investigate federal felonies, so if I can be of any help let me know :)

I lost my whole account, started about a week after this database.

I had a ticket in to change my name for like 2 months, so I just registered with the name I wanted :) I used to be lonestar86 lol.

If you haven't done so already, we would greatly appreciate you opening a Helpdesk ticket in the Missing WHT Account department so in the event we are able to restore the back ups, we can merge your accounts properly. Thanks!

mistervb
03-25-2009, 04:50 PM
Thanks, I hope that my posts will be recovered.

houkouonchi
03-25-2009, 04:57 PM
It's too bad the backup service wasn't running something like netapp file-servers which have read-only snapshots. That will definitely prevent anyone from completely deleting the backup files.

I have been semi-worried about something like this happening on my own server which is why I back up all the important data to my home machine every day. Luckily I don't have more than a gigabyte or two to back up and a decently fast internet connection so it's easily possible.

To be on the safe side I have my computer initiate the backup process via ssh (using keys) and my server has no way to access my comp and thus nobody could ever set me back more than a day.

TheDemon
03-25-2009, 05:00 PM
SWR - when this dude is found can you stick him up so every member of WHT can kick the crap outta him :P

jani
03-25-2009, 05:04 PM
I am sorry to know about this :(

This is very bad situation... I hate these hackers very much. They can spend lots of time doing bad coding but can't spend few hours to do some good thing?

I hope WHT will be more safe now and the team will be able to restore all data.

mistervb
03-25-2009, 05:06 PM
On my websites, I do the backups with cPanel and I send them to a remote FTP server; hackers can't access them because it is password protected, and it has never been hacked.

houkouonchi
03-25-2009, 05:08 PM
On my websites, I do the backups with cPanel and I send them to a remote FTP server; hackers can't access them because it is password protected, and it has never been hacked.

Well just running an FTP server you are still in danger of being hacked. Also when you need to make backups often (every day) you really have to find a way to automate it. I think it's best to automate it from the remote side because then you can run it from a machine which is completely firewalled and doesn't allow any connections from the outside.

Melnel
03-25-2009, 05:14 PM
I am sure that this will serve to alert all of us to review our backup plans and tighten them up.

If your backups are not too large a spare copy burned on a set of DVDs is hard to hack. Backing up to an offsite server via scp or ssh is fast but does leave foot prints.

Good luck with your restorations, I know what a hard job that can be.

seg fault
03-25-2009, 05:24 PM
All backup procedures seem insufficient when you have to restore from one. argh!

mistervb
03-25-2009, 05:24 PM
Good idea, I can burn it on a DVD or I can transfer it to a firewalled FTP that only accepts connections from the website host.

AndyM2020
03-25-2009, 05:49 PM
On my websites, I do the backups with cPanel and I send them to a remote FTP server; hackers can't access them because it is password protected, and it has never been hacked.

That is not secure - in FTP, passwords are sent in plain text, and it's possible for someone to "sniff" the connection and grab the details.

Anyway, having had a server broken into a few years ago, I know what it's like. I hope WHT find out who's responsible and recover without pulling too much hair...

Etamhost
03-25-2009, 05:52 PM
Yup, better burn it on dvd for couple months.

SoftWareRevue
03-25-2009, 06:10 PM
... I hope WHT will be more safe now ...

I know we'll be. And I know that this incident has others looking at their own infrastructure to make it more secure as well.

It's unfortunate this happened. But we'll all be stronger from it.

Shikhir A
03-25-2009, 06:17 PM
I have a quick suggestion. Has anyone considered allowing IP by IP access to the servers? Such as only the IP addresses of iNet staff and coordinators are allowed to access the servers, and if this happened, they'd know it was an 'inside job.' ;).

mistervb
03-25-2009, 06:24 PM
But the hacker will inject a malicious code in the WHT server to hack the backups.

Shikhir A
03-25-2009, 06:55 PM
But the hacker will inject a malicious code in the WHT server to hack the backups.


You can't do that without having access in the first place (limiting it by only iNet Staff IP's).

igoldman
03-25-2009, 07:02 PM
This is the reason why a big forum like WHT needs to make automatic backups each hour and save them to a remote location which isn't connected to the internet at all. Hacking is only a matter of time and money, that's all. If a hacker wants to hack and has made it his target, then if he has the money = time he will succeed. Because of that I suggest using a remote backup which isn't connected to the Internet at all. This is my advice.

AndyM2020
03-25-2009, 08:20 PM
This is the reason why a big forum like WHT needs to make automatic backups each hour and save them to a remote location which isn't connected to the internet at all. Hacking is only a matter of time and money, that's all. If a hacker wants to hack and has made it his target, then if he has the money = time he will succeed. Because of that I suggest using a remote backup which isn't connected to the Internet at all. This is my advice.

But if it's a remote location, how do you connect to the backup machine if it's not connected to the internet?

If someone gains root access to a machine, they can do just about anything. Things like read scripts that control backups and contain addresses and account usernames and passwords, etc., of where those backups are.

If they have access to the server, they will also be able to connect to a machine that is only connected to the server via a second, private, network connection.

Perhaps the only "safe" way of backing up is to backup to a tape or CD/DVD drive directly connected (or built in) to the server, and for someone to physically swap the tapes or DVDs on a daily basis.
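
The pull model houkouonchi describes above, together with the limit AndyM2020 raises about a rooted server, as an added Python sketch (not code from any poster or from WHT): the backup host fetches the data itself, so the server holds no credentials for it, and old snapshots are never rotated out when a pull suddenly shrinks. `local_fetch`, the file names, the date labels and the 50% threshold are assumptions; a real fetch would be rsync or scp over SSH started from the backup host.

```python
import os
import shutil
import tempfile
from pathlib import Path


def tree_stats(root):
    """Return (file_count, total_bytes) for everything under root."""
    count = total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            count += 1
            total += os.path.getsize(os.path.join(dirpath, name))
    return count, total


def local_fetch(source, dest):
    """Stand-in for the real pull (assumption: rsync/scp over SSH, started
    on the backup host with a key the web server never sees)."""
    shutil.copytree(source, dest)


def pull_snapshot(source, store, label, fetch=local_fetch, keep=7, min_ratio=0.5):
    """Pull `source` into `store/label` and apply retention.

    Labels must sort chronologically (e.g. ISO dates). Returns
    (status, names_of_trusted_snapshots). Retention only runs after a
    healthy pull, so a wiped source can never age out the good copies.
    """
    store = Path(store)
    store.mkdir(parents=True, exist_ok=True)
    good = sorted(
        p for p in store.iterdir()
        if p.is_dir() and not p.name.endswith((".partial", ".suspect"))
    )
    staging = store / (label + ".partial")
    shutil.rmtree(staging, ignore_errors=True)  # leftover from a failed run
    try:
        fetch(source, staging)
    except OSError:
        # Source unreachable or unreadable: keep everything we already have.
        shutil.rmtree(staging, ignore_errors=True)
        return "failed", [p.name for p in good]

    _files, new_bytes = tree_stats(staging)
    if good:
        _prev_files, prev_bytes = tree_stats(good[-1])
        if prev_bytes > 0 and new_bytes < prev_bytes * min_ratio:
            # Data shrank sharply: quarantine the pull for a human to
            # inspect and skip rotation entirely.
            staging.rename(store / (label + ".suspect"))
            return "suspect", [p.name for p in good]

    final = store / label
    staging.rename(final)
    good.append(final)
    for old in good[:-keep]:
        shutil.rmtree(old)
    return "ok", [p.name for p in good[-keep:]]


def demo():
    """Constructed scenario: three normal nightly pulls, then the source is wiped."""
    with tempfile.TemporaryDirectory() as tmp:
        server = Path(tmp) / "server_data"   # what lives on the web server
        store = Path(tmp) / "backup_host"    # what lives on the pulling machine
        server.mkdir()
        (server / "post.sql").write_bytes(b"p" * 4000)
        (server / "thread.sql").write_bytes(b"t" * 2000)

        results = [pull_snapshot(server, store, "2009-03-19", keep=2)]
        (server / "post.sql").write_bytes(b"p" * 4500)
        results.append(pull_snapshot(server, store, "2009-03-20", keep=2))
        (server / "user.sql").write_bytes(b"u" * 1000)
        results.append(pull_snapshot(server, store, "2009-03-21", keep=2))

        # The server is compromised and its data deleted before the next pull.
        for f in server.iterdir():
            f.unlink()
        results.append(pull_snapshot(server, store, "2009-03-22", keep=2))

        survivor = (store / "2009-03-21" / "post.sql").stat().st_size
        return results, survivor


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The guard only protects snapshots from being aged out; it does nothing if the backup host itself is reachable and writable from the compromised server, which is the case the offline media suggestions in this thread address.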

Sean M
03-25-2009, 08:34 PM
But if it's a remote location, how do you connect to the backup machine if it's not connected to the internet?

If someone gains root access to a machine, they can do just about anything. Things like read scripts that control backups and contain addresses and account usernames and passwords, etc., of where those backups are.

If they have access to the server, they will also be able to connect to a machine that is only connected to the server via a second, private, network connection.

Perhaps the only "safe" way of backing up is to backup to a tape or CD/DVD drive directly connected (or built in) to the server, and for someone to physically swap the tapes or DVDs on a daily basis.

I agree with you, that would be the best way to physically swap the tapes or DVDs on a daily basis after making backups.

andrei155
03-25-2009, 08:50 PM
backup and unplug. Seems like having it off the net would be a plausible step to take.

Frankc22
03-25-2009, 09:25 PM
backup and unplug. Seems like having it off the net would be a plausible step to take.

Make sense.

Surely WHT would have a spare computer that can just connect at set times to download a backup and then disconnect. If it's firewalled JUST for outgoing connections, one has to break into their offices to get their hands on that backup.

Suggestion to WHM

I don't use WHT so much but is it possible to use this incident to start a security channel that users can join to get access to the best and latest server security support?

There are TONS of security advice, programs and more available and I am sure MOST of the security related time spent by administrators is to decide what's best or necessary or what not.

I for one WHT member will be more than willing to pay a subscription fee to pay for the service of a security expert whose task it is to investigate and suggest a good security system for various server models, cPanel, Plesk etc.

speckl
03-25-2009, 10:14 PM
I blame Obama. :)

But seriously, this stuff can happen. This makes you wonder how many other websites data theft has happened to, except the difference is that the website owner never knew.

getweb
03-25-2009, 10:28 PM
Well, I'll be darned. I haven't been around much last couple months. (My post count is probably accurate!) :D

Thanks for the email, SWR. Things will clearly be fine.

gamemaster
03-25-2009, 10:53 PM
That is so unfortunate, I hope you guys are able to restore everything as quickly as possible.

plumsauce
03-25-2009, 10:56 PM
I know we'll be. And I know that this incident has others looking at their own infrastructure to make it more secure as well.

It's unfortunate this happened. But we'll all be stronger from it.

Yes, it is unfortunate.

If it had happened to another forum in another topical space it would be one thing. But, given the audience at WHT, it is almost a blessing in disguise.

This event leaves very little wiggle room with respect to backups and security considerations.

For a host to now whistle in the dark while looking away from the graveyard would be inexcusable.

RWH
03-25-2009, 10:59 PM
May I ask, what version of vbulletin this is and if vbulletin has been contacted about this?

SoftWareRevue
03-25-2009, 11:07 PM
This is nothing to do with vBulletin.

Dave - Just199
03-25-2009, 11:11 PM
Has anyone tried to do a data recovery on the backups? I assume the hacker didn't overwrite the drive with data.

TmzHosting
03-25-2009, 11:11 PM
Is there an ETA on when everything is going to be restored? Still waiting :).

- Daniel :)

OverlordQ
03-25-2009, 11:13 PM
We had three, protected data back-up units with one offsite behind a firewall and a fourth physical data back-up layer. We evaluated our disaster recovery plan as recent as late-2008, and carefully reviewed how to recover from a disaster situation.

You mention offsite and a 'fourth physical data back-up layer', but why not something offline?

JRSEOMarketing
03-25-2009, 11:18 PM
I'm sure they will seriously consider this from now on.

At my work, we have quadruple backups running every 24 hours, every week, and every month. Plus we run weekly backups that get sent to our Burning Server, that automatically saves the backups to Two Sided DVDs. So there is four backups (plus the backup on the server itself) and a physical DVD copy.

If you're running a million dollar operation, you need to treat your data like it is your company... because it is :)


You mention offsite and a 'fourth physical data back-up layer', but why not something offline?

mikeyhost
03-26-2009, 11:26 AM
database is hosed royally.. its like someone hit 'shuffle' on the post list. HA.

speckl
03-26-2009, 11:29 AM
^ Yep, I'll be back in 5 days to see the progress :)

CrazyPenguin
03-26-2009, 11:57 AM
SoftWareRevue,

I very much appreciate the update concerning the status of WHT in your recent newsletter.

I don't know if it is glitch or not. But now I am receiving a duplicate newsletter sent to the same email address.

Long live WHT! :lovewht:

CP

Lordo
03-26-2009, 02:37 PM
Sorry to know that and thank you WHT for your efforts. This could happen to any network.

Sean M
03-26-2009, 02:47 PM
I hope this will get resolved soon but until then we should all treat WHT as normal and continue to post. :)

Codebird
03-26-2009, 02:50 PM
I'm sure they will seriously consider this from now on.

At my work, we have quadruple backups running every 24 hours, every week, and every month. Plus we run weekly backups that get sent to our Burning Server, that automatically saves the backups to Two Sided DVDs. So there is four backups (plus the backup on the server itself) and a physical DVD copy.

If you're running a million dollar operation, you need to treat your data like it is your company... because it is :)


hmmm as you see they have physical backups...

What do we know about the damage done?
Have we been able to restore more recent back-ups?

The offsite backup, the onsite backup and the operational data were destroyed by the attacker, so we’ve resorted to a physical back-up of last resort. Unfortunately, we are experiencing difficulty restoring from our most recent physical backup. At this point, October is the most recent backup that we were able to restore. We continue to work to extract data from a more recent set of DVDs.



Sorry to all who are trying to help in the database restoration, but I don't think anyone can do that, because no one knows the system enough... I think the only thing we can do is cluing WHT to the attacker...

Stevie21
03-26-2009, 03:09 PM
Terribly sorry to hear about the attack on WHT's database, I hope you can bring the attacker to justice.

I need a signature back!! :( How many posts do I need until I can make one?

catfished
03-26-2009, 03:09 PM
SoftWareRevue,

I don't know if it is glitch or not. But now I am receiving a duplicate newsletter sent to the same email address.

Long live WHT! :lovewht:

CP

I also received two emails but they have much bigger fish to fry right now.

Steve_Arm
03-26-2009, 03:14 PM
I have issues with the new posts not appearing at that page.
Anyone else?

IGXHost
03-26-2009, 03:16 PM
Thanks to WHT and all the staff and community guides who are working very hard to restore WHT. They've restored my premium member status. Thank you :).

Best of luck in restoring everything else as much as you can. These things come unexpectedly and sometimes you can only do so much in response to such things. Best wishes!

itconstruct
03-26-2009, 03:59 PM
I have only been a member on this site for a short time. I think I signed up some time around October as I only seem to have 18 posts. I know I did get up close to 100.

Seems sad to have lost all my posts and my recent thread on uk based reseller hosting options.

I hope that WHT and iNet can fix this site and we can get back up and going. I also know this will take some time.

It is interesting how phpbb.com also got hacked not that long ago either. Why are the hackers seeming to target lots of good community sites at the moment?

It definitely goes to show you need to accommodate for all possible solutions with backups! Even those you haven't thought of. Which is very difficult of course!

I hope that this will allow the WHT community as a whole to learn from it and all to be more security minded.

I think a security section would be appropriate for the site where users can post up security issues and get help with them so that anyone else in the same situation can learn from it.

I look forward to hopefully getting all posts back. It is a shame! I know other users have lost a lot more than me :(

Anyhow enough of this.

I have been thinking about a premium membership for sometime now. I think I will join in the coming weeks to support the community!

Now let's get WHT back on its feet! :P

ldcdc
03-26-2009, 04:03 PM
much bigger fish to fry right now.

Them fish never leave an Ed's mind. :P

I need a signature back!! How many posts do I need until I can make one?

From the rules (http://www.webhostingtalk.com/rules.php):

Signatures:
Are a benefit extended to WHT members who have made 10 helpful posts and completed 7 days of registration.

xDesign365
03-26-2009, 04:18 PM
Very sad to hear about this and looking forward to WHT bouncing back from the damage done! I am certain we will all band together and unleash the posting :)

SenseiSteve
03-26-2009, 04:19 PM
Ten helpful posts and seven days

I need a signature back!! :( How many posts do I need until I can make one?

mistervb
03-26-2009, 04:26 PM
I hate hackers, and how much time must I wait to have the account recovered?

Stevie21
03-26-2009, 04:29 PM
I hate hackers, and how much time must I wait to have the account recovered?

I don't think you can receive your account back if you made it after October 2008. :S

mistervb
03-26-2009, 04:59 PM
I am very angry, I want to use this prison module with the hacker:

Call FBI
PUSH door //We kick his door
JMP house //We enter his house
MOV him //We move him to...
JMP pricion //We ship him to the prison
INT //We put him into the prison
// End of prison module
// Written in ASM by m$.deb

TmzHosting
03-26-2009, 05:43 PM
Is there an ETA on when everything will be restored? It shouldn't take this long no matter how big the DB is.

- Daniel :)

jhold
03-26-2009, 05:48 PM
Now I can't view any other threads

Clever -_-

Tristan Perry
03-26-2009, 05:52 PM
Is there an ETA on when everything will be restored? It shouldn't take this long no matter how big the DB is.

- Daniel :)
Depends whether they can get a recent backup. :)

pjssms
03-26-2009, 07:15 PM
Hello,

I wish WHT good luck on getting the staff restored.

It is really a loss of knowledge for all the world.

Maybe you can start constructing a knowledge base of the main information from topics with a different structure.

There are some knowledges that if they are better structured and easier to access will be even more useful.

If you think that was the unhappy comments that make someone act maybe set a different site just for comments.
That way who wants to put it down due to it will not take everything down.

It is a chance to think over the structure on how to develop stronger and with a better preparation for the future.

Thank you,

Paulo Santos

sterlin
03-26-2009, 08:59 PM
Well, I don't appreciate finding out 3 or 4 days later that our email and passwords have been compromised.

Very unprofessional.

I have been hacked only once in 12 years. Maybe it is because all the patches that are released for the scripts I use are always installed within 2 or 3 days.

Hanc
03-26-2009, 10:03 PM
This is nothing to do with vBulletin.

I'm not sure if it's been asked or answered yet, but will you disclose what flaw the hacker exploited to compromise WHT, so the rest of us can protect ourselves? I'd be happy to call you to speak briefly in person, if you do not want to post that information publicly. Thanks.

mooseweb
03-26-2009, 10:48 PM
I'm not sure if it's been asked or answered yet, but will you disclose what flaw the hacker exploited to compromise WHT, so the rest of us can protect ourselves? I'd be happy to call you to speak briefly in person, if you do not want to post that information publicly. Thanks.


I do not believe that'd be in the best interest of iNet to give out that sort of information, what happens if it were to get leaked and happen again? (Not saying you would)

MikeWalczak
03-26-2009, 11:16 PM
I have been hacked only once in 12 years. Maybe it is because all the patches that are released for the scripts I use are always installed within 2 or 3 days.

Or maybe it's because WHT might be completely different than your site? WHT faces a fair amount of attacks, most of them are blocked...it's just the nature of the type of popular site. Patches are done as necessary...iNet has a team of talented individuals who keep a close eye on software updates and make changes when appropriate.

I'm not saying that what happened is excusable, but don't try to compare your site to a site like WHT.

ed8
03-26-2009, 11:41 PM
We haven't completed a total audit yet. But we're closer to him than he wishes. ;)
Good luck. You are very professional.

scooby2
03-27-2009, 12:15 AM
Does anyone know what the 2008 WHT hack was? When the hacker posted the user table he mentioned a 2008 hack that WHT tried to cover up.

HWC-khalemi
03-27-2009, 12:52 AM
I remember that a few weeks ago, Douglas posted a thread about an "open letter to vps provider and customer".

Could the attack have been a reaction to this thread?

It's kind of funny you know, that a big forum like WHT only got a usable physical backup that was 6 months old? While we customers get blamed by upstream providers when we lose data by not having a backup, I would expect WHT to have its site backed up at least once a month to physical media, and kept safe, but it did not.

well, good luck on the restoration.
(lost many post count... :rolleyes: )

HS Nick
03-27-2009, 02:42 AM
Well, I just re-registered my account, but under a different username this time, since I lost my old one.

Echelon
03-27-2009, 03:44 AM
I guess the question I should ask is I was a community guide, what do I need to do to have that reinstated?

Spoke too soon. Nevermind.

anon-e-mouse
03-27-2009, 04:48 AM
I guess the question I should ask is I was a community guide, what do I need to do to have that reinstated?

Spoke too soon. Nevermind.
You still look like a guide from where I'm sitting :stickout:

Hanc
03-27-2009, 07:32 AM
I do not believe that'd be in the best interest of iNet to give out that sort of information, what happens if it were to get leaked and happen again? (Not saying you would)

It would appear that they fixed whatever flaw was exploited. It would be good to know what it was, in case other webmasters might be exposed to the same exploit.

From the FAQ on Page 1:
What is WHT focused on doing now?

The first priority, which kicked in immediately upon discovering the hack while in process, was locking down the infrastructure to avoid further damage and restoring the site. We also had to block the potential for a repeat attack.

tinkertim
03-27-2009, 07:55 AM
The more I look at this, the less inclined I am to trust Inet with my PII. This was a no brainer, a complete and total failure in so many regards, and the last time I use this forum.

Bye Bye WHT, good luck, you have lost my trust. I had to reboot my VPS today just due to incoming 'hosting related' SPAM. Wow, I lose 40 unique visitors a month from my signature link.

If you make yourself an authority, ensure that you are, indeed authoritative in the industry that you market. This is just inexcusable on so many levels it's not even funny.

Either hire competent people, governed by competent security policies or forget it. My posts have gained you ad clicks, for this, I get downtime due to your incompetence.

Se la vi.

bcs1
03-27-2009, 09:01 AM
Well, guys/gals.. It sucks badly when this type thing happens, but I for one appreciate the work and effort you folks are putting into restoring things...

Thanks a bunch Ya'll...

Bill

StartYourServer
03-27-2009, 09:55 AM
It would appear that they fixed whatever flaw was exploited. It would be good to know what it was, in case other webmasters might be exposed to the same exploit.

From the FAQ on Page 1:

It would actually be better to not post it publicly because then everyone will know how to hack vBulletin just like the last person did.

Dark Light
03-27-2009, 10:33 AM
It would actually be better to not post it publicly because then everyone will know how to hack vBulletin just like the last person did.
It was stated previously this issue was not a result of a flaw within vBulletin.

rslyon
03-27-2009, 11:09 AM
Well I don't think this was a flaw in the software. For the hacker to gain access to "offsite backup" it must either be an inside job or gaining access to the network via VPN etc..

Lewcy
03-27-2009, 11:09 AM
Out of interest how big is the WHT database? Are we talking 1gb or 50gb?

aatayyab
03-27-2009, 11:28 AM
no big news. i was just wondering why it did not happen before to WHT. it'd be a good learning lesson and exercise for WHT to secure, backup, and restore. in the meantime, is it possible for WHT administrators to reveal non-confidential step-by-step guide to secure, protect and restore?

warm regards,

MikeWalczak
03-27-2009, 01:17 PM
The more I look at this, the less inclined I am to trust Inet with my PII. This was a no brainer, a complete and total failure in so many regards, and the last time I use this forum.

Bye Bye WHT, good luck, you have lost my trust. I had to reboot my VPS today just due to incoming 'hosting related' SPAM. Wow, I lose 40 unique visitors a month from my signature link.

If you make yourself an authority, ensure that you are, indeed, authoritative in the industry that you market. This is just inexcusable on so many levels it's not even funny.

Either hire competent people, governed by competent security policies or forget it. My posts have gained you ad clicks, for this, I get downtime due to your incompetence.

Se la vi.

I'm not even going to bother responding to your careless post...


good bye

111111z
03-27-2009, 01:27 PM
FYI, it seems like the new posts link does not work any more....

That used to be the first place I would go on your site.

SoftWareRevue
03-27-2009, 01:35 PM
... is it possible for WHT administrators to reveal a non-confidential step-by-step guide to secure, protect and restore?

warm regards,

I'm not sure we could call ourselves an authority in that just yet. But we will be! ;) That being said, there are lots of threads around here on that very topic.

Outlaw Web Master
03-27-2009, 01:43 PM
I'm not even going to bother responding to your careless post...


good bye

Better get used to Mike....especially as you may face these type of people one day whilst practising psychiatric medicine. :D

owm

LinuxStandard
03-27-2009, 02:08 PM
Out of interest how big is the WHT database? Are we talking 1gb or 50gb?

Are you really asking for size of WHT dB? How could you even assume the size is even 50 GB? Even the private messages table would be more than that.

yajur
03-27-2009, 02:32 PM
I lost my 500+ posts but I never cared about them.

But the main thing is the loss of most of the good articles and info.

JRSEOMarketing
03-27-2009, 02:48 PM
It's funny that the majority of people complaining about this situation have basic accounts with no money paid in this community. It's a free community, of which I would assume 80%+ are non-premium members.

So you get access to a free community, possibly make money from the community, gain back-links... then complain when a situation arises... that again, you pay nothing for!?

For most of us... this is free... and you complain? I don't get the mentality of some people. I for one have not lost trust in this community, it's still WHT.

Iwannasite
03-27-2009, 03:07 PM
Out of interest how big is the WHT database? Are we talking 1gb or 50gb?

A vbulletin database of approximately 6 million posts like WHT would be somewhere between 6GB and 12GB if they store attachments in the filesystem instead of the database. You very rarely see attachments here so they are probably not much of a factor in database size anyway.

itconstruct
03-27-2009, 06:02 PM
Well, I just re-registered my account, but under a different username this time, since I lost my old one.

Make sure you submit a helpdesk ticket with your new username and your old one, so that in case they get all the old posts back they can merge your two accounts together!

nerdie
03-27-2009, 07:44 PM
Are you really asking for size of WHT dB? How could you even assume the size is even 50 GB? Even the private messages table would be more than that.

:rolleyes:

jannie
03-27-2009, 08:25 PM
Se la vi.

C'est la vie tinkerjim ...

There are two types of nets, those hacked and those that can be hacked. The fact that you are not hacked may only be that you have no content worthwhile hacking. Most hacks are merely drive-bys and basic defense will suffice. However, when we come to hacks like the Heartland breach etc ..

The WHT hack appears to be very sophisticated, determined and initiated long before the actual event most likely.

That said: to the WHT team - best of luck getting everything back to normal, I really feel for you. May you have the pleasure of sitting in court with the hacker in the box.

Scientist
03-27-2009, 11:00 PM
Surprisingly my account which was created recently can still be accessed :D That's a good start. Edit: Ok, lost all my post count but nvm with that.

Haven't had the chance to read through this thread as well as the previous one but I'm surprised I haven't got an email prompting me to change my password yet. No doubt the WHT team are working hard on restoring the database but I believe it's important that people know their account information may be compromised (those with weaker passwords).

Anyhow, all the best with the restoration work, wonder if the offsite backup runs on windoze where you can just "undelete" the lost mysql files.

yajur
03-27-2009, 11:32 PM
My last question here: please tell us clearly, is it possible to get a backup of the old data?

If you get the old data, what may happen to the current posts, will you merge them?

JFOC
03-27-2009, 11:35 PM
My thread regarding a sale was also deleted :( And I cannot remember the thread name, I was depending on the subscribed list

I hope there will be recovery

SoftWareRevue
03-28-2009, 12:03 AM
My last question here: please tell us clearly, is it possible to get a backup of the old data?

We simply don't know yet. The data recovery company is working on it, but they're not making any promises.

If you get the old data, what may happen to the current posts, will you merge them?

That may be tricky as well. But we'll certainly try.

Sorry, those aren't clear answers. But we just don't have clear answers for some questions.

yajur
03-28-2009, 12:18 AM
Is there any estimated time for data recovery?

Coolraul
03-28-2009, 12:35 AM
Is there any estimated time for data recovery?

Please see the post right above yours.

RandyE
03-28-2009, 03:58 AM
To everyone coming here now, read the whole thread before posting, your question has probably already been answered.

If you're coming here to complain and cry and say you don't trust WHT, get off the internet, period. Hacks will happen, nearly every site will experience it if they have content worth hacking (and this one is one of those). If you don't understand that, and you are a host, sell out now. Because you obviously don't understand the industry well enough, if you do not even know that.

If you're going to cry about losing your whole account or whatever, just don't. Especially if you are enjoying this community out of the graciousness (sp?) of iNET's hearts and are on a free account.

Everyone lost posts and a lot of people, myself included, lost their whole accounts. Everyone knows you don't have the same account. If you do not have an account, merely create a new one. Preferably with your old username. If you did not use the same user name, as some of us that had name change tickets pending for a couple of months :), then open a ticket with the helpdesk to let them know your old and new username. They will TRY to merge the accounts together if they are able to recover the data. If not, oh well, start over.

This is a community. The main purpose is to bring hosts and potential clients together, and to share experiences and help with each other, and just talk about the industry. If it bothers you that much that you lost your account, and this is your real only source of clients, you probably should also get out of the industry, as there are multiple avenues to gain customers.

If you understand what happened just happens sometimes, and you do not fit into the above categories, please, stay, help everyone out that comes here looking for it, and help get the community back on its feet.

TmzHosting
03-28-2009, 10:26 AM
Is there an ETA on when everything will be restored?

- Daniel :)

SoftWareRevue
03-28-2009, 10:28 AM
Is there an ETA on when everything will be restored?

- Daniel :)

No. Sorry.

JohnJ
03-28-2009, 10:28 AM
Is there an ETA on when everything will be restored?

- Daniel :)

I think it's safe to say that iNet is doing everything in its power to restore WHT to its original form. However, there are no promises. We'll have to move on. ;)

RandyE
03-28-2009, 11:07 AM
Is there an ETA on when everything will be restored?

- Daniel :)

Your answer was provided just a couple of posts above yours. Read the thread please.

<edit>They may not get it restored. They are trying.</edit>

iHubNet-Matt
03-28-2009, 12:12 PM
Your answer was provided just a couple of posts above yours. Read the thread please.

<edit>They may not get it restored. They are trying.</edit>

SoftWareRevue has replied to his question directly: "No. Sorry." Please see that also ;).

RandyE
03-28-2009, 12:25 PM
:p At least the whole not reading a thread thing hasn't gone anywhere with this community :)

iHubNet-Matt
03-28-2009, 12:51 PM
:p At least the whole not reading a thread thing hasn't gone anywhere with this community :)

That is right. But when you make a comment like that you must read the thread carefully. Just joking :).

RandyE
03-28-2009, 01:44 PM
I know, I can't believe I didn't read it carefully. I'll have to make a better shot at it next time :)

SM-Dominic
03-28-2009, 02:47 PM
Woohoow ... I'm back as well :D
It sucks this happened, but well WHT will only be stronger after this :)

WHTer
03-28-2009, 02:56 PM
Are you guys going to start doing physical backups more often? Sounds like it was done bi-annually before.

Good luck!

Sean M
03-28-2009, 08:35 PM
Are you guys going to start doing physical backups more often? Sounds like it was done bi-annually before.

Good luck!

If you read, they did say that they made backups but they were erased by the hacker. The last hard backup they had was from 6 months ago.

andrew_t
03-28-2009, 08:44 PM
Out of curiosity - are there any law enforcement agencies involved in the tracing, arrest and prosecution of the hacker?

Eg: FBI, CIA, Local Police, Etc

Another thing that sucks is that I had around 30 or so posts and had all the permissions - but I guess I'll have to start again.

tickedon
03-28-2009, 09:09 PM
If you read, they did say that they made backups but they were erased by the hacker. The last hard backup they had was from 6 months ago.

I believe, based on the comments, that they actually put backups on dvd more often but there's a problem with the more recent DVD sets, which they are hoping to fix.

The October backup happened to be the most accessible (and working!) backup they have. Now that we've been posting for a few days, Matt is probably hard at work figuring out how to integrate the two db's nicely (if they are able to recover anything from the newer copies).

JoseWonders
03-28-2009, 10:20 PM
It sounds like this guy knew everything about WHT. Maybe he was an ex-employee or someone with absolutely no life at all.

JohnJ
03-28-2009, 10:55 PM
It sounds like this guy knew everything about WHT. Maybe he was an ex-employee or someone with absolutely no life at all.

Well, I think it's safe to say the culprit has no life.

andrei155
03-28-2009, 11:17 PM
"how can you kill he who has no life?" - South Park

JoseWonders
03-29-2009, 12:45 AM
Of course he must have no life at all. This doesn't take an hour, it must have taken him a bit of time.

RandyE
03-29-2009, 01:34 AM
Out of curiosity - are there any law enforcement agencies involved in the tracing, arrest and prosecution of the hacker?

Eg: FBI, CIA, Local Police, Etc

Another thing that sucks is that I had around 30 or so posts and had all the permissions - but I guess I'll have to start again.

lol the CIA isn't a Law Enforcement Agency, they are an Intelligence Gathering Agency with no legal jurisdiction over the territories of the US.

I would hope they have gotten LE involved. But, they also could not be quite at that point yet.

WHTer
03-29-2009, 04:21 AM
If you read, they did say that they made backups but they were erased by the hacker. The last hard backup they had was from 6 months ago.

Yes, that's why I said physical backups, as in DVD copies. Hackers can't erase that. :)

RandyE
03-29-2009, 05:21 AM
The thing is, they had hard backups from sooner than that. However, they were unable to restore them for various reasons.

SKaero
03-29-2009, 05:34 AM
I lost my account, hope you catch who did it! Good Luck!

geekie246
03-29-2009, 03:57 PM
Keeping backups online is a major mistake of any company. Not testing the physical media for offline backups is another. Lesson learned - reputation tarnished.

StartYourServer
03-29-2009, 04:05 PM
Keeping backups online is a major mistake of any company.

It is also important that a company keeps their physical backups in a safe place and they should test their physical backups to make sure that everything is being recorded correctly.

vpsville
03-29-2009, 05:03 PM
No system is totally secure, and optical 'hard' backups are a major pain and time investment. Online backups are great but there is always a risk when anything is online. Hopefully this incident will teach the value of backups to the many hosts and users of WHT who think they are secure and don't make proper backups.

*No* networked computer today is 100% safe. We don't know what measures WHT took but it's fair to say they were much harder to hack than most of the hosts who post here!

Good luck WHT!

StartYourServer
03-29-2009, 06:06 PM
No system is totally secure, and optical 'hard' backups are a major pain and time investment. Online backups are great but there is always a risk when anything is online. Hopefully this incident will teach the value of backups to the many hosts and users of WHT who think they are secure and don't make proper backups.

*No* networked computer today is 100% safe. We don't know what measures WHT took but it's fair to say they were much harder to hack than most of the hosts who post here!

Good luck WHT!

Even huge websites such as Google, Yahoo, MySpace, YouTube, etc. could be hacked if enough people got together and worked to do it.

Tristan Perry
03-29-2009, 06:08 PM
Even huge websites such as Google, Yahoo, MySpace, YouTube, etc. could be hacked if enough people got together and worked to do it.

Nothing is totally secure, everything can be hacked in some form.

However a large site could be hacked by one person, hence it's not exactly like having more people increases your chances of a successful hack.

StartYourServer
03-29-2009, 06:17 PM
Nothing is totally secure, everything can be hacked in some form.

However a large site could be hacked by one person, hence it's not exactly like having more people increases your chances of a successful hack.

The fewer people involved lessens the chances of someone opening their mouth and you ending up in jail :)

SoftWareRevue
03-29-2009, 06:37 PM
I'm going to close this thread. If you have questions, feel free to ask. If you have answers, I'd encourage you to start a thread in one of our many forums.

In fact, I'd like to encourage anyone reading to help us get back to the normal day-to-day activities around here by exploring the forums, answering questions, asking questions, talking about what's gone on in your corner of the world and helping us rebuild the great WHT content (that we're still working several avenues to restore).

Thanks for everyone's patience and support.