  1. #1
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,189

    Recent WHT down time

    I reported yesterday that our recent downtime was due to issues with our backup servers followed by the corruption of some db tables from a hack attempt.

    We've since learned that this very deliberate, sophisticated and calculated hack against Web Hosting Talk was carried out by gaining access to our offsite backup servers. From our backup servers, the hacker gained access to the WHT db server. The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted to the db exploitation and quickly shut down the site to prevent further damage.

    This individual is still in possession of our user table that includes all user names, email addresses and hashed passwords. Absolutely no credit card or PayPal data was compromised.

    Passwords are hashed with salt. It would be an unprecedented event to reverse engineer our passwords. I change my password periodically though, so maybe today is a good day for that. Go here to change your password.

    My concern is the distribution of your email addresses and the potential spam you may receive. We know the hacker has posted the user table containing email addresses to various places (file sharing sites) and we're working diligently to remove the tables as we find them. If you see the user table posted anywhere, please let us know so we can get it taken offline.

    We are working on recovering the deleted data. In the meantime, we've restored to an old db. We cannot yet determine if we can restore to a more recent db backup.

    If you have any clues as to the individual who caused this malicious attack on the Web Hosting Talk community, please let me know.
    There is no best host. There is only the host that's best for you.

  2. #2
    Join Date
    Jul 2008
    Posts
    972
    At least it's back, I guess. I've only lost 800 posts and countless topics of interest to me...

  3. #3
    Join Date
    Feb 2006
    Location
    Buffalo NY
    Posts
    1,330
    Good luck !
    Cody R.
    Hawk Host Inc. Proudly Serving websites since 2004.

  4. #4
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,057
    I saw the uploads that you are referring to, I wanted to see how much of my information was there and it's 5400+ pages of account information but only usernames/e-mails/hashed passwords + salt.

    Luckily I use a secondary address for forum notifications so I can set it to :blackhole: and just create a new forwarder.

    My personal advice is that *EVERYBODY* change their passwords.
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS
    http://www.mddhosting.com/

  5. #5
    Join Date
    Apr 2007
    Location
    United Kingdom
    Posts
    1,685
    Quote Originally Posted by MikeDVB View Post

    My personal advice is that *EVERYBODY* change their passwords.
    My personal advice is that WHT should secure their stuff properly and not just backup to one location.

    It's ridiculous!
    EZPZ Hosting - Dependable and Affordable Web Hosting
    LiteSpeed SSD Powered cPanel Shared & Reseller Hosting | Budget VPS, Managed VPS and Dedicated
    Reseller Hosting Specialists | WHMCS-Based End User Support | Unlimited SSLs | UK and USA
    99.9% Uptime Guarantee | 24/7 Support | 30 Day Money Back Guarantee

  6. #6
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    16,057
    Quote Originally Posted by Dan_EZPZ View Post
    My personal advice is that WHT should secure their stuff properly and not just backup to one location.

    It's ridiculous!
    What has been done, is done - and hopefully it will be a learning experience.
    Michael Denney - MDDHosting LLC
    New shared plans for 2016! Check them out!
    Highly Available Shared, Premium, Reseller, and VPS
    http://www.mddhosting.com/

  7. #7
    Join Date
    Aug 2001
    Posts
    4,028
    Ouchie. Best of luck.

  8. #8
    Join Date
    Jul 2008
    Posts
    972
    Quote Originally Posted by MikeDVB View Post
    What has been done, is done - and hopefully it will be a learning experience.
    Oh come on, you're not serious, right? You're comfortable knowing that there's hundreds/thousands of people sitting in front of their computers with a copy of your password, and every other member's? I know I'm not.

  9. #9
    Join Date
    May 2003
    Location
    California, USA, Earth
    Posts
    1,046
    Wow, this is disappointing. I hope the lost data can be recovered somehow and that you have some luck limiting the distribution of all our email addresses. Major blow to WHT.

    Good luck.
    Blesta - Professional Billing Software
    Innovation that benefits the user experience
    Trial - Demo | 866.478.7567 | Twitter @blesta

  10. #10
    Join Date
    Jan 2005
    Location
    In your server
    Posts
    2,679
    Quote Originally Posted by Dan_EZPZ View Post
    My personal advice is that WHT should secure their stuff properly and not just backup to one location.

    It's ridiculous!
    and how many different backup locations do you use?
    If you need help about anything to do with WHT, check out the Helpdesk

  11. #11
    Join Date
    Oct 2008
    Posts
    313
    Saying "this is unforgivable" may sound too hard. But it really is. WebHostingTalk, a place where we often read "make backup of backup" got hacked and lost their only backup. Great.

  12. #12
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by Dan_EZPZ View Post
    My personal advice is that WHT should secure their stuff properly and not just backup to one location.

    It's ridiculous!
    I hate to be like this but I agree.

    WHT has had issues like this before if I remember correctly.

    So now I could be spammed, great.

    Password changed.

    I'm curious as to how they got into the backup server? Software, password, or other exploit?

    Quote Originally Posted by MikeDVB View Post
    What has been done, is done - and hopefully it will be a learning experience.
    Mike is right but I'm still furious that this happened.

    I understand people can get hacked, problems happen. But I would figure there would be at least two backup servers for the forum, seeing as the forum has been DDoSed or attacked before if I remember correctly.

    I know this is no one's fault. But steps need to be taken so this doesn't happen again.

    I hate to sound like a whiner but this could happen again.

    This is a serious breach of security.
    Last edited by ShaunH; 03-23-2009 at 01:15 PM.

  13. #13
    Join Date
    May 2007
    Location
    Cardiff, United Kingdom
    Posts
    507
    I've received about 5 spam e-mails today, I hope it isn't due to this.
    Sam Asante ~ Web & User Interface Designer ~ SamAsante.com
    World-Class cPanel Themes
    Responsive WHMCS Themes


  14. #14
    Join Date
    Oct 2002
    Posts
    13,277
    THE BEST THING YOU CAN DO DENNIS IS CHECK THE IP LOGS AND FIND OUT WHO DID THIS AND GO FROM THERE!!

    Go back thru EVERY IP UNTIL YOU GET TO THE SCUMBAG WHO DID THIS!! (It's not impossible my friend)

    Good luck!

    Tinyurl is the answer for posting long urls!!!

  15. #15
    Join Date
    May 2008
    Location
    Texas
    Posts
    188
    Quote Originally Posted by citricsquid View Post
    Oh come on, you're not serious, right? You're comfortable knowing that there's hundreds/thousands of people sitting in front of their computers with a copy of your password, and every other member's? I know I'm not.
    Welcome to the Internet.

    There's really no reason to make a huge issue out of this. Simply change your password(s) and move on.

  16. #16
    Join Date
    Jan 2006
    Location
    Athens, Greece
    Posts
    1,479
    I wonder how people find time to do such things and for what reason.
    Chickens.

  17. #17
    Join Date
    Feb 2007
    Location
    United Kingdom
    Posts
    1,245
    I get spammed every day, these things unfortunately do happen.

    Hopefully WHT will learn from this, and take any action required.
    Hosting Community Talk - A new community orientated Webhosting discussion, guides, and industry news forum. Why not JOIN TODAY!
    My North Wales - A Community/Tourism discussion forum for residents and visitors to North Wales, United Kingdom.

  18. #18
    Join Date
    Aug 2001
    Posts
    4,028
    lol, can we just purge the entire forum? 90% of this crap is outdated anyways

  19. #19
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,601
    Does the DB include a copy of our PM's etc?
    Russ Foster - Industry Curmudgeon

  20. #20
    Join Date
    May 2006
    Location
    Iowa
    Posts
    2,612
    I could not log in with the password I know was set as it was saved in firefox. Well I was able to log in after using the recovery thing.
    So I now have a new password.
    I also have a new password for almost every thing else.

  21. #21
    Join Date
    Aug 2001
    Posts
    4,028
    Oh wow, I never thought about PM's... likely some extremely sensitive info being exchanged.

  22. #22
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by Steve_Arm View Post
    I wonder how people find time to do such things and for what reason.
    Chickens.
    I'm guessing either spite or profit. Either way it sucks for us.

  23. #23
    Join Date
    Oct 2002
    Posts
    13,277
    Quote Originally Posted by HostOrca
    Hopefully WHT will learn from this, and take any action required.
    What action??

    This is a stupid hacker with NO LIFE, you can't predict what they might do ESPECIALLY IF THEY THINK THEY ARE UNSTOPPABLE...

    The truth is: THEY ARE NOT.. IF ENOUGH TIME WAS DEVOTED, THEIR IP CAN BE TRACKED DOWN!! (Logs, etc.) People just don't seem to care enough to track anyone down and it's sad...... (I HOPE DENNIS WILL TAKE MY ADVICE AND TRY)

    Tinyurl is the answer for posting long urls!!!

  24. #24
    Join Date
    Apr 2007
    Location
    United Kingdom
    Posts
    1,685
    Quote Originally Posted by railto View Post
    and how many different backup locations do you use?
    Three, thanks for asking.
    EZPZ Hosting - Dependable and Affordable Web Hosting
    LiteSpeed SSD Powered cPanel Shared & Reseller Hosting | Budget VPS, Managed VPS and Dedicated
    Reseller Hosting Specialists | WHMCS-Based End User Support | Unlimited SSLs | UK and USA
    99.9% Uptime Guarantee | 24/7 Support | 30 Day Money Back Guarantee

  25. #25
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by The Dude View Post
    What action??

    This is a stupid hacker with NO LIFE, you can't predict what they might do ESPECIALLY IF THEY THINK THEY ARE UNSTOPPABLE...

    The truth is: THEY ARE NOT.. IF ENOUGH TIME WAS DEVOTED, THEIR IP CAN BE TRACKED DOWN!! (Logs, etc.) People just don't seem to care enough to track anyone down and it's sad...... (I HOPE DENNIS WILL TAKE MY ADVICE AND TRY)

    No need to shout friend

    I'm just guessing here, but any hacker worth their salt probably at a minimum uses a chain of proxy addresses so they can't be tracked. I'm sure other methods were used as well.

    The real question is how the heck did they get in?

    That's where the real question lies.
    Last edited by ShaunH; 03-23-2009 at 01:28 PM.

  26. #26
    Join Date
    May 2006
    Location
    Iowa
    Posts
    2,612
    Quote Originally Posted by ShaunH View Post
    No need to shout friend

    I'm just guessing here but any hacker worth their salt probably at a minimum uses a chain of proxy addresses so they can't be tracked and I'm other methods.

    The real question is how the heck did they get in?

    That's where the real question lies.
    I agree with you.
    Last edited by KarlZimmer; 10-14-2008 at 06:59 PM. Reason: Mis-spelling

  27. #27
    Join Date
    Sep 2008
    Posts
    191
    Quote Originally Posted by MikeDVB View Post
    What has been done, is done - and hopefully it will be a learning experience.
    The thing is, this isn't the first time that WHT has been compromised. Remember them having C99 on their site?

    Having one backup server is a pretty big mistake. Figured that having their one and only backup server going offline at the same time was a bit strange.

  28. #28
    Join Date
    Apr 2004
    Location
    SF Bay Area
    Posts
    877
    Quote Originally Posted by kazila View Post
    There's really no reason to make a huge issue out of this. Simply change your password(s) and move on.
    Password compromise is unfortunately commonplace. I've had my ATM card replaced twice in a year's time because their database was compromised.

    The bigger issue, of course, is the massive data loss that has apparently occurred and the fact that a sophisticated hacker could take out a million-dollar business.

    I think WHT will be able to pick up the pieces but their credibility is definitely taking a huge hit from this - in my estimate anyway. This kind of thing can shutter a business quite easily. If they can get their data back - great - but if they find they just have to roll back 7 months - we're all going to be scratching our heads and wondering if this is the best place to do business. Well, maybe I'll be the only one, but I doubt it.

    WHT/iNET will take away a lot of tough lessons from this issue I'm sure. I can't imagine the post-mortem will be pretty at all.

    In any case thanks for the updates.

  29. #29
    Join Date
    Apr 2004
    Location
    Singapore
    Posts
    1,506
    I guess the backup should be locked out of public access and via private VPN to access it. I guess RackSpace can arrange this? =)

    Well, thanks for the hard work to bring this back online.
    tanfwc
    Singapore Managed Colocation
    Singapore BGP Announcement

  30. #30
    Join Date
    Apr 2008
    Location
    Bury St Edmunds
    Posts
    158
    Great, this is the second time a major forum I've been on has been hacked and user tables distributed, e.g. the recent phpbb.com hack fiasco.

    As for the loss of data, I'm not bothered too much regarding the number of posts I've made - while I do think this does provide 'rep' on forums like this, I'm more annoyed over the actual content lost. WHT is like a web hosting encyclopaedia and a lot of people's effort has just been wasted building up this knowledge bank.

    As for the backup situation, iNET and Rackspace should be ashamed of themselves, really, only having one on-site backup server. WHT preaches about having backup procedures but yet it has a crap one, and Rackspace are supposed to be managed specialists; why didn't they recommend more than one server or an off-site server? It would have been an easy $$$ for them, knowing iNET can obviously afford it.

    Hopefully the advertisers will be credited for the downtime. Funny thing is I discovered the downtime by coming here to buy premium membership, but now I'm not too sure I want it, knowing that some retard has all my user details.

    ---Edit---
    Just read some posts while making mine regarding the PM tables compromised? If so, that is unforgivable; the amount of sensitive data stored there isn't worth thinking about.
    Last edited by racked_solutions; 03-23-2009 at 01:34 PM.

  31. #31
    Join Date
    Jun 2008
    Posts
    35
    I'm just glad you're back. Happily, I use gmail for all forums etc. so the spam doesn't matter. I'd never sign up to a forum with one of my domains' addresses.

  32. #32
    Join Date
    May 2003
    Location
    Texas
    Posts
    149
    What's going on with those of us that have become premium after this backup?
    DDoS Protected Chicago and New York Virtual Private Servers with INSTANT setup!
    RAID-10 OpenVZ Virtual Private Servers with hundreds of OS templates!
    CometVPS.com - "The" definition of personable support, that's us!
    Use coupon "50FORLIFE" for 50% off the life of ANY plan!

  33. #33
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,270
    I've seen the files too, and the password hashes.

    vBulletin uses a sophisticated hashing algorithm, it uses md5 to hash the passwords once, then adds a salt next to it, and hashes again.

    Although the stolen info has these hashes, it is absolutely impossible to recover your passwords from these hashes. I haven't changed my password (really) and I see no reason to do so.

    However, the stolen table makes your passwords vulnerable to dictionary attacks. If your password is a dictionary word (one word) or a simple series of numbers (like 654321), then your passwords are somewhat vulnerable.

    Still, the salting mechanism in vBulletin adds 2^18 = 262144 times more difficulty to a general dictionary based attack, so the chances of your passwords being revealed is extremely low.

    For example, the stolen info about MY account is this:
    Password: 3248b2676776395e4336b32b862f1301 Salt: "%M

    My password is a complex one (with numbers, capitals and punctuations), it is first hashed to some large string, then the salt added, then hashed again.

    I have no worry revealing my stolen password details here, if any have the stolen data, you can easily publicly verify that the information I posted here is true. I can post my own details here because there is no way a hacker can break it with the current amount of technology he might possibly have (even a cluster of PS3s).

    However as I said, dictionary words have a higher chance of being cracked, but this possibility always exists with weak passwords, stolen or not.

    As for the email addresses, yes they are revealed too, but I already get a lot of spam every day and I don't think I'll be affected too much.

    And as for the recent posts and information, I share your concerns and I hope some data recovery company can recover the data in the corrupted servers.
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
    █ Combine your efforts to fight misbehaving clients.

    HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
    █ Large and awesome portfolio, just visit and see!
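
The hashing scheme described in the post above (md5, append the salt, md5 again), together with a way for a site to re-protect such a table once it has leaked. This is an added example, not vBulletin's or WHT's code; the record layout, the `wrap_legacy` and `verify` helpers, the PBKDF2 iteration count and the sample row are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your hardware and login latency budget


def legacy_hash(password: str, salt: str) -> str:
    """md5(md5(password) + salt) over hex strings, as the post describes it."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def wrap_legacy(record: dict, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Re-protect a stored legacy hash without knowing the password.

    The old hash becomes the input of PBKDF2, so the fast md5 value no
    longer exists in the table after migration.
    """
    kdf_salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", record["hash"].encode("ascii"), kdf_salt, iterations
    )
    return {
        "scheme": "pbkdf2-over-legacy",
        "salt": record["salt"],  # the legacy salt is still needed at login
        "kdf_salt": kdf_salt,
        "iterations": iterations,
        "hash": digest.hex(),
    }


def verify(password: str, record: dict) -> bool:
    """Check a login attempt against either record format."""
    candidate = legacy_hash(password, record["salt"])
    if record["scheme"] == "pbkdf2-over-legacy":
        candidate = hashlib.pbkdf2_hmac(
            "sha256", candidate.encode("ascii"),
            record["kdf_salt"], record["iterations"],
        ).hex()
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(candidate, record["hash"])


def seconds_per_check(password: str, record: dict, rounds: int) -> float:
    """Average wall-clock cost of one verification, i.e. of one guess."""
    start = time.perf_counter()
    for _ in range(rounds):
        verify(password, record)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    # Constructed sample row; not taken from any real table.
    old = {"scheme": "legacy", "salt": "x7Q",
           "hash": legacy_hash("Tr0ub4dor&3", "x7Q")}
    new = wrap_legacy(old)
    assert verify("Tr0ub4dor&3", old) and verify("Tr0ub4dor&3", new)
    assert not verify("wrong-guess", new)
    fast = seconds_per_check("wrong-guess", old, 20_000)
    slow = seconds_per_check("wrong-guess", new, 3)
    print(f"legacy: {fast * 1e6:.1f} us/check, wrapped: {slow * 1e3:.0f} ms/check")
```

Wrapping raises the per-guess cost only for copies of the table taken after the migration; a copy that has already leaked keeps the fast hashes, which is why a password change is still needed.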

  34. #34
    Join Date
    May 2008
    Location
    Indore, India
    Posts
    1,541
    Well, I've lost my Premium Membership, posts & changed username

  35. #35
    Join Date
    Oct 2002
    Location
    Canada
    Posts
    3,100
    I do not know vBulletin that well, but my guess is that the only way to get passwords is to test them against some dictionary / common password list and then compare hashes to hashes stored in the database. In short, if you think your password might appear on such a list, at this moment someone already knows what it is and they have your email address too, so if you used the same password for anything else, it is time to start panicking.

    <edit>Ok, I was right, but too late it seems </edit>

  36. #36
    Join Date
    Oct 2002
    Posts
    13,277
    Quote Originally Posted by ShaunH
    I'm just guessing here, but any hacker worth their salt probably at a minimum uses a chain of proxy addresses so they can't be tracked.
    Yes well you go thru EVERY IP YOU GET and continue until you get his.. (It can be done)

    Tinyurl is the answer for posting long urls!!!

  37. #37
    Join Date
    Sep 2008
    Posts
    191
    Quote Originally Posted by The Dude View Post
    Yes well you go thru EVERY IP YOU GET and continue until you get his.. (It can be done)

    Good luck with that even if they do log them.

  38. #38
    Join Date
    Feb 2007
    Location
    United Kingdom
    Posts
    1,245
    Quote Originally Posted by The Dude View Post
    What action??
    I meant they can try to find out how they did it, close the vulnerability, and possibly take other measures.

    Oh, and try to find the lame/useless/layabout/scum* who did this.

    *Choose the most appropriate.

    FOOTNOTE:

    I would definitely change your password as a precaution, and if you use the same password elsewhere change that as well.

    Better safe than sorry
    Hosting Community Talk - A new community orientated Webhosting discussion, guides, and industry news forum. Why not JOIN TODAY!
    My North Wales - A Community/Tourism discussion forum for residents and visitors to North Wales, United Kingdom.

  39. #39
    Join Date
    May 2006
    Location
    Iowa
    Posts
    2,612
    Quote Originally Posted by Harzem View Post
    I've seen the files too, and the password hashes.

    vBulletin uses a sophisticated hashing algorithm, it uses md5 to hash the passwords once, then adds a salt next to it, and hashes again.

    Although the stolen info has these hashes, it is absolutely impossible to recover your passwords from these hashes. I haven't changed my password (really) and I see no reason to do so.

    However, the stolen table makes your passwords vulnerable to dictionary attacks. If your password is a dictionary word (one word) or a simple series of numbers (like 654321), then your passwords are somewhat vulnerable.

    Still, the salting mechanism in vBulletin adds 2^18 = 262144 times more difficulty to a general dictionary based attack, so the chances of your passwords being revealed is extremely low.

    For example, the stolen info about MY account is this:
    Password: 3248b2676776395e4336b32b862f1301 Salt: "%M

    My password is a complex one (with numbers, capitals and punctuations), it is first hashed to some large string, then the salt added, then hashed again.

    I have no worry revealing my stolen password details here, if any have the stolen data, you can easily publicly verify that the information I posted here is true. I can post my own details here because there is no way a hacker can break it with the current amount of technology he might possibly have (even a cluster of PS3s).

    However as I said, dictionary words have a higher chance of being cracked, but this possibility always exists with weak passwords, stolen or not.

    As for the email addresses, yes they are revealed too, but I already get a lot of spam every day and I don't think I'll be affected too much.

    And as for the recent posts and information, I share your concerns and I hope some data recovery company can recover the data in the corrupted servers.

    I used a random password generator.

  40. #40
    So, the last offsite backup was made in October 2008?
