Thread: WHT Data - Q&A Information
-
03-24-2009, 03:36 PM #1 Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
WHT Data - Q&A Information
What do we know about the damage done?
This attack was very deliberate, sophisticated and calculated. The attacker was able to circumvent our security measures and access via an arcane backdoor protected by an additional firewall. We are still investigating the situation, but we know the attacker infiltrated and deleted the backups first and then deleted three databases: user/post/thread. We have no record or evidence that private message data was accessed. Absolutely no credit card or PayPal data was exposed.
Do we know the motivation behind the attack?
We don’t know enough at this time, so any insight would be purely speculative in nature. WHT is a platform where positive and negative information is shared and exposed about business and individuals. Under TOS policy, we cannot edit or remove user-generated content at the request of an unsatisfied third party. Therefore, WHT tends to become the target for disgruntled individuals and businesses.
Have we been able to restore more recent back-ups?
The offsite backup, the onsite backup and the operational data were destroyed by the attacker, so we’ve resorted to a physical back-up of last resort. Unfortunately, we are experiencing difficulty restoring from our most recent physical backup. At this point, October is the most recent backup that we were able to restore. We continue to work to extract data from a more recent set of DVDs.
What is WHT focused on doing now?
The first priority, which kicked in immediately upon discovering the hack while in process, was locking down the infrastructure to avoid further damage and restoring the site. We also had to block the potential for a repeat attack. Now we are working on investigating how much prior data is restorable, reinstating premium memberships, contacting business partners, and communicating with the community members. We are also doing everything possible to identify the attacker and bring them to justice. Disappointments happen – we are working hard to restore trust among community members and to bring things back to normal.
Is WHT doing anything different due to this attack?
WHT has been targeted before and our infrastructure has withstood previous attacks. However, following this well-planned and targeted attack, we will be altering aspects of our architecture to ensure that this type of attack does not happen again. Needless to say, we have learned from this situation and will address any discrepancies accordingly.
We had three protected data back-up units with one offsite behind a firewall and a fourth physical data back-up layer. We evaluated our disaster recovery plan as recently as late 2008, and carefully reviewed how to recover from a disaster situation. The attacker appeared to have deliberately targeted our data back-up systems, a scenario that our disaster recovery plan did not fully anticipate. We have implemented changes to our data backup and disaster recovery plans to address this weakness. And we advise others to consider a scenario of deliberate, malicious data destruction in their backup and recovery plans.
What should members do now?
The password encryption technology we use is strong for securing non-financial data. However, we suggest that members change their passwords frequently and do not use the same user name and password for the forum as they may use for more sensitive services like online banking. If a member feels more comfortable changing their password, then we recommend that they do what makes them feel more secure.
A concern is that members may receive more spam because the attacker posted stolen email addresses on file sharing sites. I haven’t personally seen an increase in the amount of spam I usually receive to my email address, but it is a risk that we cannot easily alleviate. As we become aware of specific file sharing sites with these email addresses, we are requesting that the emails be removed promptly. So far, most have been quick to comply.
What if I can’t use my WHT account?
We are temporarily using a version of the database from October 2008. This means that if you joined WHT after October 2008, you’ll need to register again to post now. We may still be able to recover your account, but we don’t know yet. Please register with the same username you used before.
If you joined WHT before October 2008 and get a password error, the system is probably asking for the password you were using in October 2008. If you don’t remember your previous password and have access to the email address for your WHT account in October 2008, please use the password recovery tool.
For help accessing your account, please open a helpdesk ticket.
If you’ve subscribed to a Premium or Corporate membership prior to October 2008, someone from iNET has contacted you by now. If you’ve subscribed (or re-subscribed) since October 2008 and haven’t heard from iNET, please contact us on the helpdesk.
Moving forward ...
We take the protection of user-contributed data very seriously, and we strongly regret what happened. iNET has a sophisticated infrastructure with advanced security. Yet even institutions that spend millions of dollars a year on Internet security are exploited. Anyone recall NASA being hacked some years back?
It’s not what you’ve done, it’s what you do. And from this day forward, we continue.
We’ve been overwhelmed by all the offers of help and support we’ve received from our members. What can I say about that beyond my heartfelt thanks? I love this community!
Last edited by SoftWareRevue; 03-24-2009 at 03:40 PM. Reason: Durned typos
There is no best host. There is only the host that's best for you.
-
03-24-2009, 03:42 PM #2 Retired Moderator
- Join Date
- Oct 2003
- Location
- Scotland, UK
- Posts
- 2,916
Great to see these questions all answered in one place.
Here's hoping the data can be recovered.
Alasdair
Long time ex-host, ex-billing software owner/developer/support staff. Recent lurker.
-
03-24-2009, 04:10 PM #3 Aspiring Evangelist
- Join Date
- May 2004
- Location
- Singapore
- Posts
- 374
Google cache or archive.org could be used to restore the missing part of WHT if all attempts fail.
-
03-24-2009, 04:22 PM #4 Web Hosting Master
- Join Date
- Mar 2004
- Posts
- 1,808
Just when you think you have all the technology in place for security, along comes "social engineering". So, with that in mind, there is no such thing as 100% secure. We live, and we learn. I hope to someday have a site as popular and valuable as this one so I can set out to make it 100% secure. That is always the goal.
Dave
-
03-24-2009, 04:29 PM #5 Web Hosting Master
- Join Date
- Feb 2006
- Location
- Buffalo, NY
- Posts
- 1,501
So was this purely an exploit / software based intrusion or was there social engineering or the sorts involved?
█ Cody R.
█ Hawk Host Inc. Proudly Serving websites since 2004.
█ Official Let's Encrypt Sponsor
-
03-24-2009, 04:32 PM #6 Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
Last edited by SoftWareRevue; 03-24-2009 at 04:36 PM.
There is no best host. There is only the host that's best for you.
-
03-24-2009, 04:51 PM #7 Web Hosting Master
- Join Date
- Dec 2002
- Location
- Los Angeles
- Posts
- 559
Once the monkeys get into your tree it's difficult to shake them out permanently. You can bet that it was the same person or persons who got in last year, if not them, someone who worked with them or used their information for the second (?), more comprehensive strike.
But to lay blame at the feet of the company that manages this monster is pointless. No one is prepared for every eventuality. No one. Back in the day they used to say the only way to really protect a networked server is to remove it from the network. And not much has changed since then.
You don't have to trust these guys. It's a forum, last time I checked, participation was voluntary. If your trust has been shattered and the foundations of your very existence rocked by this tragedy, then go someplace safe and warm and forget about this beehive. I don't think anyone was cast into a pit of financial ruin or driven to the brink of suicide by this episode. In the grand scheme of things, what's the worst possible outcome? People lose some posts? Your premium membership is unavailable for a few days? Oh my, how will we ever survive?
With everything collapsing and crumbling around the world (hello Iceland!) bitching about this just makes you look like someone with way too much time on their hands. Take a deep breath, pull your socks up, get over it.
datapimp - You only get one soul, ya dig?
-
03-24-2009, 04:51 PM #8 Web Hosting Master
- Join Date
- May 2001
- Location
- Dayton, Ohio
- Posts
- 4,977
There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.
Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.
Last edited by Mat Sumpter; 03-24-2009 at 04:55 PM.
-
03-24-2009, 04:52 PM #9 Web Hosting Master
- Join Date
- Nov 2007
- Location
- India
- Posts
- 843
This is a hard time for WHT; now we have to help the community admins overcome the hard time.
-
03-24-2009, 05:02 PM #10 Web Hosting Guru
- Join Date
- Jan 2004
- Location
- NJ, USA
- Posts
- 288
Was wondering why my old thread had gone MIA.
Looks like you guys are doing everything you can to prevent something like this from happening again, as well as trying to recover as much information as possible.
-
03-24-2009, 05:18 PM #11 Junior Guru Wannabe
- Join Date
- Oct 2006
- Posts
- 62
Hi Everyone,
To the team working on restoring the site, I just want to say good work so far, and don't forget to get some rest.
Ijan Kruizinga
Crucial Paradigm - Reliable, Professional • 24/7 Support • Web Hosting • Reseller Hosting • Virtual Dedicated Servers • Dedicated Servers • Remote Backup
-
03-24-2009, 05:23 PM #12 Colocation Guru
- Join Date
- Mar 2009
- Posts
- 1,161
iNet is trying their best to help rectify the issues at hand, complaining about it will not help this situation at all.
Thank you for the brief Q/A as I'm sure many visitors will find this helpful.
-
03-24-2009, 05:26 PM #13 Web Hosting Master
- Join Date
- Feb 2006
- Location
- Buffalo, NY
- Posts
- 1,501
█ Cody R.
█ Hawk Host Inc. Proudly Serving websites since 2004.
█ Official Let's Encrypt Sponsor
-
03-24-2009, 05:45 PM #14 Disabled
- Join Date
- Nov 2003
- Location
- Amidst several dimensions
- Posts
- 4,324
I'm sure there are numerous people in this community who would be able to easily hand the attacker's ass over to him/her/them if any trackable info about the attacker is released to public.
It's stupid to attack internet communities. No one would care about hacking of FBI, CIA, NASA sites, some even may approve. But attacking community sites is rather dangerous. I wouldn't do that.
-
03-24-2009, 05:48 PM #15 Web Hosting Master
- Join Date
- Jan 2006
- Location
- Athens, Greece
- Posts
- 1,481
May I ask as per thread title,
is there any chance that there are any traces left from the attackers?
-
03-24-2009, 05:57 PM #16 Web Hosting Master
- Join Date
- Mar 2004
- Posts
- 1,808
-
03-24-2009, 06:17 PM #17 Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
-
03-24-2009, 06:22 PM #18
-
03-24-2009, 06:32 PM #19 Eternal Member
- Join Date
- Nov 2002
- Location
- Lakeport CA, Clear Lake
- Posts
- 1,856
Thanks for starting this thread and clearing up some of the issues.
-
03-24-2009, 06:41 PM #20 Web Hosting Master
- Join Date
- Jul 2002
- Location
- Directadmin Core
- Posts
- 770
SWR ... your tenacity and diligent approach to this is to be commended. Thanks also for your twitter updates through the ordeal.
Good luck tracking the bastards down. Let's move forward and make sure this doesn't happen again. If all the arm chair quarterbacks would stop looking behind them and instead look forward to how to improve things (maybe take into account their own security/backup measures) we can once again become a productive community.
Joe
http://www.hostpc.com
DirectAdmin servers for hosting, resellers and your dedicated needs.
Hosting, Resellers, Dedicated Managed and Unmanaged servers
Hosting since 11/98 - Specializing in DirectAdmin since 8/03
-
03-24-2009, 06:49 PM #21 Web Hosting Master
- Join Date
- Sep 2006
- Location
- Cardiff - United Kingdom
- Posts
- 1,569
Out of interest, the "Recent WHT down time" thread recently moved onto encryption and Harzem showed that simply having the password hash and salt cannot actually be a security flaw.
Hence I'm wondering how the hacker was able to log in to someone else's account and post on it, considering that there's apparently no way to log in to an account just by knowing the hash?
Were some of the vBulletin software files therefore hacked and changed too?
-
03-24-2009, 06:49 PM #22 Web Hosting Master
- Join Date
- Oct 2008
- Posts
- 2,253
I just made a database, deleted it and got it back with system restore, just with the post count corrupted, for an old forum db. Too bad WHT can't do this.
And one question: the hacker had to hack the forum before the backup servers, right? How would the hacker know the backup servers' IP or any information, as I don't think it's mentioned anywhere.
Last edited by darkeden; 03-24-2009 at 07:02 PM.
Leader of the new anti sig spamming club.
-
03-24-2009, 07:25 PM #23 New Member
- Join Date
- Mar 2009
- Posts
- 3
Hello.
I just joined after reading this thread.
Someone must have been adversely affected by the research you guys did.
This indicates you have a habit of being on the right track.
I don't know how I can assist but in light of the fact that my own forum was also attacked just over a month ago, I'm happy to help out.
Keep up the good work.
SiL / IKS / concerned citizen
-
03-24-2009, 07:30 PM #24 Disabled
- Join Date
- Mar 2009
- Location
- Toronto, Canada
- Posts
- 2,570
Thanks for the update and the information in one post.
I have remade an account, unfortunately I was registered on WHT in January 2009.
Hopefully my account along with many others will be restored soon.
-
03-24-2009, 07:33 PM #25 Web Hosting Master
- Join Date
- Aug 2008
- Posts
- 2,469
IMO, no offense, it sorta sounds like an inside job. I think this because I don't think anyone would know the details for the iNet backups and such unless they've dealt or worked for iNet past and/or present.