Results 1 to 25 of 537
Thread: Recent WHT down time
-
03-23-2009, 12:55 PM #1Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
Recent WHT down time
I reported yesterday that our recent downtime was due to issues with our backup servers followed by the corruption of some db tables from a hack attempt.
We've since learned that this very deliberate, sophisticated and calculated hack against Web Hosting Talk was carried out by gaining access to our offsite backup servers. From our backup servers, the hacker gained access to the WHT db server. The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted of the db exploitation and quickly shut down the site to prevent further damage.
This individual is still in possession of our user table that includes all user names, email addresses and hashed passwords. Absolutely no credit card or PayPal data was compromised.
Passwords are hashed with salt. It would be an unprecedented event to reverse engineer our passwords. I change my password periodically though, so maybe today is a good day for that. Go here to change your password.
My concern is the distribution of your email addresses and the potential spam you may receive. We know the hacker has posted the user table containing email addresses to various places (file sharing sites) and we're working diligently to remove the tables as we find them. If you see the user table posted anywhere, please let us know so we can get it taken off line.
We are working on recovering the deleted data. In the meantime, we've restored to an old db. We cannot yet determine if we can restore to a more recent db backup.
If you have any clues as to the individual who caused this malicious attack on the Web Hosting Talk community, please let me know.There is no best host. There is only the host that's best for you.1
-
03-23-2009, 12:59 PM #2Web Hosting Master
- Join Date
- Jul 2008
- Posts
- 972
At least it's back, I guess. I've only lost 800 posts and countless topics of interest to me...
1
-
03-23-2009, 01:01 PM #3Web Hosting Master
- Join Date
- Feb 2006
- Location
- Buffalo, NY
- Posts
- 1,501
Good luck !
█ Cody R.
█ Hawk Host Inc. Proudly Serving websites since 2004.
█ Official Let's Encrypt Sponsor1
-
03-23-2009, 01:01 PM #4Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
I saw the uploads that you are referring to, I wanted to see how much of my information was there and it's 5400+ pages of account information but only usernames/e-mails/hashed passwords + salt.
Luckily I use a secondary address for forum notifications so I can set it to :blackhole: and just create a new forwarder.
My personal advise is that *EVERYBODY* change their passwords.█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.1
-
03-23-2009, 01:05 PM #5Web Hosting Master
- Join Date
- Apr 2007
- Location
- United Kingdom
- Posts
- 1,861
1
-
03-23-2009, 01:06 PM #6Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,196
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,700 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.1
-
03-23-2009, 01:07 PM #7Evenly Divided
- Join Date
- Aug 2001
- Posts
- 4,028
Ouchie. Best of luck.
0
-
03-23-2009, 01:07 PM #8Web Hosting Master
- Join Date
- Jul 2008
- Posts
- 972
1
-
03-23-2009, 01:08 PM #9Hosting Billing Master
- Join Date
- May 2003
- Location
- California, USA, Earth
- Posts
- 1,098
Wow, this is disappointing. I hope the lost data can be recovered some how and that you have some luck limiting the distribution of all our email addresses. Major blow to WHT.
Good luck.0
-
03-23-2009, 01:08 PM #10Retired Moderator
- Join Date
- Jan 2005
- Location
- In your server
- Posts
- 2,945
If you need help about anything to do with WHT, check out the Helpdesk0
-
03-23-2009, 01:08 PM #11Web Hosting Guru
- Join Date
- Oct 2008
- Posts
- 341
Saying "this is unforgivable" may sound too hard. But it really is. WebHostingTalk, a place where we often read "make backup of backup" got hacked and lost their only backup. Great.
0
-
03-23-2009, 01:08 PM #12Junior Guru
- Join Date
- Aug 2008
- Posts
- 176
I hate be like this but I agree.
WHT has has issues like this before if I member correctly.
So now I could be spammed great.
Password changed.
I'm curious as to how they got into the backup server? software, password, or other exploit?
Mike is right but I'm still furious that this happened.
I understand people can get hacked, problems happen. But i would figure there would be at least two back up servers for the forum. Seeing as the forum has been DDoSS or attacked before if I remember correctly.
I know this is no ones fault. But steps need to be taken so this doesn't happen again.
I hate to sound like a whinner but this could happen again.
This is serious breach of security.Last edited by ShaunH; 03-23-2009 at 01:15 PM.
0
-
03-23-2009, 01:10 PM #13Web Hosting Evangelist
- Join Date
- May 2007
- Location
- Cardiff, United Kingdom
- Posts
- 511
I've received about 5 spam e-mails today, I hope it isn't due to this.
■ Sam Asante ~ Web & User Interface Designer ~ SamAsante.com
■ World-Class cPanel Themes
■ Responsive WHMCS Themes
0
-
03-23-2009, 01:11 PM #14An Awesome Dude
- Join Date
- Oct 2002
- Posts
- 13,624
THE BEST THING YOU CAN DO DENNIS IS CHECK THE IP LOGS AND FIND OUT WHO DID THIS AND GO FROM THERE!!
Go back thru EVERY IP UNTIL YOU GET TO THE SCUMBAG WHO DID THIS!! (Its not impossible my friend)
Good luck!
Tinyurl is the answer for posting long urls!!!0
-
03-23-2009, 01:11 PM #15Junior Guru
- Join Date
- May 2008
- Location
- Texas
- Posts
- 188
0
-
03-23-2009, 01:12 PM #16Web Hosting Master
- Join Date
- Jan 2006
- Location
- Athens, Greece
- Posts
- 1,481
I wonder how people find time to do such things and for what reason.
Chickens.0
-
03-23-2009, 01:14 PM #17Best Customer Service..ALWAYS!
- Join Date
- Feb 2007
- Location
- Isle Of Anglesey, UK
- Posts
- 1,468
I get spammed every day, these things unfortunately do happen.
Hopefully wht will learn from this, and take any action required.0
-
03-23-2009, 01:16 PM #18Evenly Divided
- Join Date
- Aug 2001
- Posts
- 4,028
lol, can we just purge the entire forum? 90% of this crap is outdated anyways
0
-
03-23-2009, 01:17 PM #19Web Hosting Master
- Join Date
- Jun 2003
- Location
- UK
- Posts
- 6,616
Does the DB include a copy of our PM's etc?
Russ Foster - Industry Curmudgeon
Freelance Sysadmin for Hire - email vaserv@gmail.com0
-
03-23-2009, 01:18 PM #20Web Hosting Master
- Join Date
- May 2006
- Location
- Iowa
- Posts
- 2,613
I could not log in with the password I know was set as it was saved in firefox. Well I was able to log in after using the recovery thing.
So I now have a new password.
I also have a new password for almost every thing else.0
-
03-23-2009, 01:18 PM #21Evenly Divided
- Join Date
- Aug 2001
- Posts
- 4,028
Oh wow, I never thought about PM's... likely some extremely sensitive info being exchanged.
0
-
03-23-2009, 01:18 PM #22Junior Guru
- Join Date
- Aug 2008
- Posts
- 176
0
-
03-23-2009, 01:18 PM #23An Awesome Dude
- Join Date
- Oct 2002
- Posts
- 13,624
Originally Posted by HostOrca
This is a stupid hacker with NO LIFE,you cant predict what they might do ESPECIALLY IF THEY THINK THEY ARE UNSTOPPABLE...
The truth is: THEY ARE NOT.. IF ENOUGH TIME WAS DEVOTED,THIER IP CAN BE TRACKED DOWN!! (Logs,etc) People just dont seem to care enough to track anyone down and its sad...... (I HOPE DENNIS WILL TAKE MY ADVICE AND TRY)
Tinyurl is the answer for posting long urls!!!0
-
03-23-2009, 01:19 PM #24Web Hosting Master
- Join Date
- Apr 2007
- Location
- United Kingdom
- Posts
- 1,861
0
-
03-23-2009, 01:21 PM #25Junior Guru
- Join Date
- Aug 2008
- Posts
- 176
No need to shout friend
I'm just guessing here, but any hacker worth their salt probably at a minimum uses a chain of proxy addresses so they can't be tracked. I'm sure other methods were used as well.
The real question is how the heck did they get in?
Thats where the real question lies.Last edited by ShaunH; 03-23-2009 at 01:28 PM.
0