
03-23-2009, 01:55 PM
iNET Community Coordinator
Join Date: Jun 2001
Location: WebHostingTalk
Posts: 28,700
Recent WHT down time
I reported yesterday that our recent downtime was due to issues with our backup servers followed by the corruption of some db tables from a hack attempt.
We've since learned that this very deliberate, sophisticated and calculated hack against Web Hosting Talk was carried out by gaining access to our offsite backup servers. From our backup servers, the hacker gained access to the WHT db server. The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted to the db exploitation and quickly shut down the site to prevent further damage.
This individual is still in possession of our user table that includes all user names, email addresses and hashed passwords. Absolutely no credit card or PayPal data was compromised.
Passwords are hashed with salt. It would be an unprecedented event to reverse engineer our passwords. I change my password periodically though, so maybe today is a good day for that. Go here to change your password.
My concern is the distribution of your email addresses and the potential spam you may receive. We know the hacker has posted the user table containing email addresses to various places (file sharing sites) and we're working diligently to remove the tables as we find them. If you see the user table posted anywhere, please let us know so we can get it taken offline.
We are working on recovering the deleted data. In the meantime, we've restored to an old db. We cannot yet determine if we can restore to a more recent db backup.
If you have any clues as to the individual who caused this malicious attack on the Web Hosting Talk community, please let me know.
__________________
Together, we can make a difference. Hosting For Haiti - 100% of donations go to the American Red Cross Haiti Relief and Development Fund.

03-23-2009, 01:59 PM
At least it's back, I guess. I've only lost 800 posts and countless topics of interest to me... 

03-23-2009, 02:01 PM
Premium Member
Join Date: Feb 2006
Location: Rochester NY
Posts: 659
Good luck!

03-23-2009, 02:01 PM
Just Married :)
Join Date: Dec 2007
Location: Indianapolis, Indiana USA
Posts: 6,994
I saw the uploads that you are referring to, I wanted to see how much of my information was there and it's 5400+ pages of account information but only usernames/e-mails/hashed passwords + salt.
Luckily I use a secondary address for forum notifications so I can set it to :blackhole: and just create a new forwarder.
My personal advice is that *EVERYBODY* change their passwords.
__________________
█ Michael Denney - MDDHosting, LLC - Professional Hosting Solutions
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ Incremental R1Soft CDP Backups on all services! Proudly hosting over 3,200 domains!
█ http://www.mddhosting.com/ - Read our reviews at RatePoint! - Call us at 866-758-HOST (4678)!

03-23-2009, 02:05 PM
Premium Member
Join Date: Apr 2007
Location: United Kingdom
Posts: 1,130
Quote:
Originally Posted by MikeDVB
My personal advice is that *EVERYBODY* change their passwords.
|
My personal advice is that WHT should secure their stuff properly and not just backup to one location.
It's ridiculous!
__________________
▪ EZPZ Hosting - Dependable and Affordable UK and US Web Hosting
▪ LiteSpeed Powered cPanel Shared with R1Soft and Installatron | Managed VPS and Dedicated | Shoutcast
▪ Reseller Hosting Specialists | WHMCS-Based End User Support | Geotrust SSL | Hosting Templates
▪ 24/7 Support | 99.9% Uptime Guarantee | 30 Day Money Back Guarantee

03-23-2009, 02:06 PM
Just Married :)
Join Date: Dec 2007
Location: Indianapolis, Indiana USA
Posts: 6,994
Quote:
Originally Posted by Dan_EZPZ
My personal advice is that WHT should secure their stuff properly and not just backup to one location.
It's ridiculous!
|
What has been done, is done - and hopefully it will be a learning experience.
__________________
█ Michael Denney - MDDHosting, LLC - Professional Hosting Solutions
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ Incremental R1Soft CDP Backups on all services! Proudly hosting over 3,200 domains!
█ http://www.mddhosting.com/ - Read our reviews at RatePoint! - Call us at 866-758-HOST (4678)!

03-23-2009, 02:07 PM
EvenDivide
Join Date: Aug 2001
Location: Toronto, Ontario
Posts: 3,603

03-23-2009, 02:07 PM
Quote:
Originally Posted by MikeDVB
What has been done, is done - and hopefully it will be a learning experience.
|
Oh come on, you're not serious, right? You're comfortable knowing that there's hundreds/thousands of people sitting in front of their computers with a copy of your password, and every other member's? I know I'm not.

03-23-2009, 02:08 PM
Premium Member
Join Date: May 2003
Location: California, USA, Earth
Posts: 586
Wow, this is disappointing. I hope the lost data can be recovered somehow and that you have some luck limiting the distribution of all our email addresses. Major blow to WHT.
Good luck.
__________________
▌ Blesta - Professional Billing Software
▌ We are about creating good experiences
▌ Trial - Demo | 866.478.7567 | Twitter @blesta

03-23-2009, 02:08 PM
Web Hosting Master
Join Date: Jan 2005
Location: Dublin and Belfast
Posts: 1,061
Quote:
Originally Posted by Dan_EZPZ
My personal advice is that WHT should secure their stuff properly and not just backup to one location.
It's ridiculous!
|
And how many different backup locations do you use?
__________________
█ Mark Railton
█ OutHOST Solutions - Providing Quality Internet Solutions for all
█ NEW SITE LIVE

03-23-2009, 02:08 PM
Saying "this is unforgivable" may sound too hard. But it really is. WebHostingTalk, a place where we often read "make backup of backup" got hacked and lost their only backup. Great.

03-23-2009, 02:08 PM
Quote:
Originally Posted by Dan_EZPZ
My personal advice is that WHT should secure their stuff properly and not just backup to one location.
It's ridiculous!
|
I hate to be like this but I agree.
WHT has had issues like this before if I remember correctly.
So now I could be spammed, great.
Password changed.
I'm curious as to how they got into the backup server? Software, password, or other exploit?
Quote:
Originally Posted by MikeDVB
What has been done, is done - and hopefully it will be a learning experience.
|
Mike is right but I'm still furious that this happened.
I understand people can get hacked, problems happen. But I would figure there would be at least two backup servers for the forum. Seeing as the forum has been DDoSed or attacked before if I remember correctly.
I know this is no one's fault. But steps need to be taken so this doesn't happen again.
I hate to sound like a whiner but this could happen again.
This is a serious breach of security.
Last edited by ShaunH; 03-23-2009 at 02:15 PM.

03-23-2009, 02:10 PM
Premium Member
Join Date: May 2007
Location: United Kingdom
Posts: 251
I've received about 5 spam e-mails today, I hope it isn't due to this.

03-23-2009, 02:11 PM
THE BEST THING YOU CAN DO DENNIS IS CHECK THE IP LOGS AND FIND OUT WHO DID THIS AND GO FROM THERE!!
Go back through EVERY IP UNTIL YOU GET TO THE SCUMBAG WHO DID THIS!! (It's not impossible my friend)
Good luck!
__________________
Tinyurl is the answer for posting long urls!!!

03-23-2009, 02:11 PM
Quote:
Originally Posted by citricsquid
Oh come on, you're not serious, right? You're comfortable knowing that there's hundreds/thousands of people sitting in front of their computers with a copy of your password, and every other member's? I know I'm not.
|
Welcome to the Internet.
There's really no reason to make a huge issue out of this. Simply change your password(s) and move on.