Page 1 of 22 123411 ... LastLast
Results 1 to 25 of 537
  1. #1
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412

    Recent WHT down time

    I reported yesterday that our recent downtime was due to issues with our backup servers followed by the corruption of some db tables from a hack attempt.

    We've since learned that this very deliberate, sophisticated and calculated hack against Web Hosting Talk was carried out by gaining access to our offsite backup servers. From our backup servers, the hacker gained access to the WHT db server. The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted of the db exploitation and quickly shut down the site to prevent further damage.

    This individual is still in possession of our user table that includes all user names, email addresses and hashed passwords. Absolutely no credit card or PayPal data was compromised.

    Passwords are hashed with salt. It would be an unprecedented event to reverse engineer our passwords. I change my password periodically though, so maybe today is a good day for that. Go here to change your password.

    My concern is the distribution of your email addresses and the potential spam you may receive. We know the hacker has posted the user table containing email addresses to various places (file sharing sites) and we're working diligently to remove the tables as we find them. If you see the user table posted anywhere, please let us know so we can get it taken off line.

    We are working on recovering the deleted data. In the meantime, we've restored to an old db. We cannot yet determine if we can restore to a more recent db backup.

    If you have any clues as to the individual who caused this malicious attack on the Web Hosting Talk community, please let me know.
    There is no best host. There is only the host that's best for you.
      1 Not allowed!

  2. #2
    Join Date
    Jul 2008
    Posts
    972
    At least it's back, I guess. I've only lost 800 posts and countless topics of interest to me...
      1 Not allowed!

  3. #3
    Join Date
    Feb 2006
    Location
    Buffalo, NY
    Posts
    1,501
    Good luck !
    Cody R.
    Hawk Host Inc. Proudly Serving websites since 2004.
    Official Let's Encrypt Sponsor
      1 Not allowed!

  4. #4
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    I saw the uploads that you are referring to, I wanted to see how much of my information was there and it's 5400+ pages of account information but only usernames/e-mails/hashed passwords + salt.

    Luckily I use a secondary address for forum notifications so I can set it to :blackhole: and just create a new forwarder.

    My personal advise is that *EVERYBODY* change their passwords.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.
      1 Not allowed!

  5. #5
    Join Date
    Apr 2007
    Location
    United Kingdom
    Posts
    1,861
    Quote Originally Posted by MikeDVB View Post

    My personal advise is that *EVERYBODY* change their passwords.
    My personal advice is that WHT should secure their stuff properly and not just backup to one location.

    It's ridiculous!
      1 Not allowed!

  6. #6
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by Dan_EZPZ View Post
    My personal advice is that WHT should secure their stuff properly and not just backup to one location.

    It's ridiculous!
    What has been done, is done - and hopefully it will be a learning experience.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.
      1 Not allowed!

  7. #7
    Join Date
    Aug 2001
    Posts
    4,028
    Ouchie. Best of luck.
      0 Not allowed!

  8. #8
    Join Date
    Jul 2008
    Posts
    972
    Quote Originally Posted by MikeDVB View Post
    What has been done, is done - and hopefully it will be a learning experience.
    oh come on, you're not serious, right? You're comfortable knowing that there's hundreds/thousands of people sitting in front of their computers with a copy of your password, and every other members? I know I'm not.
      1 Not allowed!

  9. #9
    Join Date
    May 2003
    Location
    California, USA, Earth
    Posts
    1,098
    Wow, this is disappointing. I hope the lost data can be recovered some how and that you have some luck limiting the distribution of all our email addresses. Major blow to WHT.

    Good luck.
    Blesta - The Billing Platform for Hosting Providers
    Client Management, Billing, & Support Software
    Trial - Demo | 714-923-7325 | Twitter @blesta
      0 Not allowed!

  10. #10
    Join Date
    Jan 2005
    Location
    In your server
    Posts
    2,945
    Quote Originally Posted by Dan_EZPZ View Post
    My personal advice is that WHT should secure their stuff properly and not just backup to one location.

    It's ridiculous!
    and how many different backup locations do you use?
    If you need help about anything to do with WHT, check out the Helpdesk
      0 Not allowed!

  11. #11
    Join Date
    Oct 2008
    Posts
    341
    Saying "this is unforgivable" may sound too hard. But it really is. WebHostingTalk, a place where we often read "make backup of backup" got hacked and lost their only backup. Great.
      0 Not allowed!

  12. #12
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by Dan_EZPZ View Post
    My personal advice is that WHT should secure their stuff properly and not just backup to one location.

    It's ridiculous!
    I hate be like this but I agree.

    WHT has has issues like this before if I member correctly.

    So now I could be spammed great.

    Password changed.

    I'm curious as to how they got into the backup server? software, password, or other exploit?

    Quote Originally Posted by MikeDVB View Post
    What has been done, is done - and hopefully it will be a learning experience.
    Mike is right but I'm still furious that this happened.

    I understand people can get hacked, problems happen. But i would figure there would be at least two back up servers for the forum. Seeing as the forum has been DDoSS or attacked before if I remember correctly.

    I know this is no ones fault. But steps need to be taken so this doesn't happen again.

    I hate to sound like a whinner but this could happen again.

    This is serious breach of security.
    Last edited by ShaunH; 03-23-2009 at 01:15 PM.
      0 Not allowed!

  13. #13
    Join Date
    May 2007
    Location
    Cardiff, United Kingdom
    Posts
    511
    I've received about 5 spam e-mails today, I hope it isn't due to this.
    Sam Asante ~ Web & User Interface Designer ~ SamAsante.com
    World-Class cPanel Themes
    Responsive WHMCS Themes

      0 Not allowed!

  14. #14
    Join Date
    Oct 2002
    Posts
    13,624
    THE BEST THING YOU CAN DO DENNIS IS CHECK THE IP LOGS AND FIND OUT WHO DID THIS AND GO FROM THERE!!

    Go back thru EVERY IP UNTIL YOU GET TO THE SCUMBAG WHO DID THIS!! (Its not impossible my friend)

    Good luck!





    Tinyurl is the answer for posting long urls!!!
      0 Not allowed!

  15. #15
    Join Date
    May 2008
    Location
    Texas
    Posts
    188
    Quote Originally Posted by citricsquid View Post
    oh come on, you're not serious, right? You're comfortable knowing that there's hundreds/thousands of people sitting in front of their computers with a copy of your password, and every other members? I know I'm not.
    Welcome to the Internet.

    There's really no reason to make a huge issue out of this. Simply change your password(s) and move on.
      0 Not allowed!

  16. #16
    Join Date
    Jan 2006
    Location
    Athens, Greece
    Posts
    1,481
    I wonder how people find time to do such things and for what reason.
    Chickens.
      0 Not allowed!

  17. #17
    Join Date
    Feb 2007
    Location
    Isle Of Anglesey, UK
    Posts
    1,468
    I get spammed every day, these things unfortunately do happen.

    Hopefully wht will learn from this, and take any action required.
      0 Not allowed!

  18. #18
    Join Date
    Aug 2001
    Posts
    4,028
    lol, can we just purge the entire forum? 90% of this crap is outdated anyways
      0 Not allowed!

  19. #19
    Join Date
    Jun 2003
    Location
    UK
    Posts
    6,616
    Does the DB include a copy of our PM's etc?
    Russ Foster - Industry Curmudgeon
    Freelance Sysadmin for Hire - email vaserv@gmail.com
      0 Not allowed!

  20. #20
    Join Date
    May 2006
    Location
    Iowa
    Posts
    2,613
    I could not log in with the password I know was set as it was saved in firefox. Well I was able to log in after using the recovery thing.
    So I now have a new password.
    I also have a new password for almost every thing else.
      0 Not allowed!

  21. #21
    Join Date
    Aug 2001
    Posts
    4,028
    Oh wow, I never thought about PM's... likely some extremely sensitive info being exchanged.
      0 Not allowed!

  22. #22
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by Steve_Arm View Post
    I wonder how people find time to do such things and for what reason.
    Chickens.
    I'm guessing either spite or profit. Either way it sucks for us.
      0 Not allowed!

  23. #23
    Join Date
    Oct 2002
    Posts
    13,624
    Quote Originally Posted by HostOrca
    Hopefully wht will learn from this, and take any action required.
    What action??

    This is a stupid hacker with NO LIFE,you cant predict what they might do ESPECIALLY IF THEY THINK THEY ARE UNSTOPPABLE...

    The truth is: THEY ARE NOT.. IF ENOUGH TIME WAS DEVOTED,THIER IP CAN BE TRACKED DOWN!! (Logs,etc) People just dont seem to care enough to track anyone down and its sad...... (I HOPE DENNIS WILL TAKE MY ADVICE AND TRY)





    Tinyurl is the answer for posting long urls!!!
      0 Not allowed!

  24. #24
    Join Date
    Apr 2007
    Location
    United Kingdom
    Posts
    1,861
    Quote Originally Posted by railto View Post
    and how many different backup locations do you use?
    Three, thanks for asking.
      0 Not allowed!

  25. #25
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by The Dude View Post
    What action??

    This is a stupid hacker with NO LIFE,you cant predict what they might do ESPECIALLY IF THEY THINK THEY ARE UNSTOPPABLE...

    The truth is: THEY ARE NOT.. IF ENOUGH TIME WAS DEVOTED,THIER IP CAN BE TRACKED DOWN!! (Logs,etc) People just dont seem to care enough to track anyone down and its sad...... (I HOPE DENNIS WILL TAKE MY ADVICE AND TRY)




    No need to shout friend

    I'm just guessing here, but any hacker worth their salt probably at a minimum uses a chain of proxy addresses so they can't be tracked. I'm sure other methods were used as well.

    The real question is how the heck did they get in?

    Thats where the real question lies.
    Last edited by ShaunH; 03-23-2009 at 01:28 PM.
      0 Not allowed!

Page 1 of 22 123411 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •