  1. #51
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,379
    Yes, recently registered accounts were lost too. However the work on recovering the backups from corrupted servers is on the way, it may take a while and cost some money, but we all know it is possible, unless the hacker wiped the disk clean, which would possibly take days, and someone would have noticed it before it's complete.
    Fraud Record - Stop Fraud Clients, Report Abusive Customers.
    █ Combine your efforts to fight misbehaving clients.

    HarzemDesign - Highest quality, well designed and carefully coded hosting designs. Not cheap though.
    █ Large and awesome portfolio, just visit and see!

  2. #52
    Join Date
    Jan 2006
    Location
    Athens, Greece
    Posts
    1,481
    Of course if anyone is interested there are some jobs still open from 2003
    in the employments forum.

  3. #53
    Join Date
    May 2008
    Location
    Indore, India
    Posts
    1,723
    Quote Originally Posted by TheHostHouse View Post
    I'd really like to know about the PM issue.

    Have our private messages been compromised? There's a lot of sensitive data there....
    Can't even say about that

  4. #54
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by a2b2 View Post
    Does the DB include a copy of our PM's etc?
    The tables affected include user, post and thread. Your PMs should be current.
    There is no best host. There is only the host that's best for you.

  5. #55
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by ShaunH View Post
    The real question is how the heck did they get in?
    As I mentioned, they gained access via our db servers that they wiped clean (well, maybe I wasn't clear on that). Hopefully forensics can pull enough information off to clear that bit up though.

  6. #56
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by SoftWareRevue View Post
    The tables affected include user, post and thread. Your PMs should be current.
    I think people are asking was the pm table taken, not corrupted?

  7. #57
    Join Date
    Apr 2008
    Location
    Bury St Edmunds
    Posts
    160
    Quote Originally Posted by SoftWareRevue View Post
    The tables affected include user, post and thread. Your PMs should be current.

    We're not asking if they're current, we're asking whether the hacker has a dump of this data

  8. #58
    Join Date
    May 2008
    Location
    Indore, India
    Posts
    1,723
    Quote Originally Posted by SoftWareRevue View Post
    The tables affected include user, post and thread. Your PMs should be current.
    They are current but they might've been stolen.
    Last edited by fog; 10-14-2008 at 07:53 PM.

  9. #59
    Join Date
    Sep 2006
    Location
    Cardiff - United Kingdom
    Posts
    1,569
    Good luck in catching the idiot(s) who did this - there are so many pathetic morons around.

    To clear one thing up - change all passwords which match your WHT one, and obviously change your WHT one too. The fact that they are encrypted with a salt means little since md5 was broken a few years back (I'm surprised vBulletin still use it). It doesn't mean that a hacker can get the plain text (i.e. your actual password) out of the hash, although this has other implications.
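
Added example, not part of any post in this thread and not vBulletin's or WHT's own code: a salt stops precomputed tables, but a single fast MD5 round is still cheap to guess against offline, so one defensive response is to wrap each stored hash in a slow KDF, which needs no plaintext and can be run over the whole user table at once. The legacy scheme md5(md5(password) + salt), the PBKDF2 work factor, the row layout and every sample value are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERS = 600_000  # assumed work factor; tune to your own hardware

def vb_legacy_hash(password, salt):
    # Assumed legacy scheme: md5(md5(password) + salt), hex-encoded.
    inner = hashlib.md5(password.encode()).hexdigest()
    return hashlib.md5((inner + salt).encode()).hexdigest()

def wrap_legacy(legacy_hex, kdf_salt, iters):
    # Slow KDF over the *stored* legacy hash: no plaintext is needed, so
    # every row can be upgraded offline instead of waiting for logins.
    return hashlib.pbkdf2_hmac("sha256", legacy_hex.encode(), kdf_salt, iters).hex()

def migrate_row(row, iters=PBKDF2_ITERS):
    # Keep the old salt (needed to recompute the inner hash), drop the old hash.
    kdf_salt = os.urandom(16)
    return {"username": row["username"], "vb_salt": row["salt"],
            "kdf_salt": kdf_salt.hex(), "iters": iters,
            "hash": wrap_legacy(row["pw"], kdf_salt, iters)}

def verify(row, password):
    # Recompute legacy hash, wrap it, compare in constant time.
    legacy = vb_legacy_hash(password, row["vb_salt"])
    candidate = wrap_legacy(legacy, bytes.fromhex(row["kdf_salt"]), row["iters"])
    return hmac.compare_digest(candidate, row["hash"])

def guess_cost_ratio(migrated, rounds=1000):
    # How many legacy-hash checks fit in the time of one wrapped check.
    t0 = time.perf_counter()
    for _ in range(rounds):
        vb_legacy_hash("guess", migrated["vb_salt"])
    legacy_secs = (time.perf_counter() - t0) / rounds
    t0 = time.perf_counter()
    verify(migrated, "guess")
    return (time.perf_counter() - t0) / legacy_secs

if __name__ == "__main__":
    # Constructed sample row using the field names mentioned in the thread.
    old = {"username": "alice", "salt": "x7Q", "email": "alice@example.com",
           "pw": vb_legacy_hash("correct horse", "x7Q")}
    new = migrate_row(old)
    print(verify(new, "correct horse"), verify(new, "wrong"))
    print(f"one wrapped check costs ~{guess_cost_ratio(new):.0f} legacy checks")
```

Wrapping protects only the copy of the table you still hold; hashes that have already left the building stay in the old format, so password changes are still required.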

  10. #60
    Join Date
    Sep 2008
    Posts
    191
    Quote Originally Posted by nexbyte View Post
    Ok, so you are an english speaking administrator and your server has been compromised.

    Now you have to:

    - Contact the first bounced IP's ISP in Japan (have fun)
    - They say the connection came from an ISP in Africa (have fun)
    - Well that connection came from Israel (have fun)
    - Well that came from Germany..you get the idea...

    and this can go on for as many IPs as he bounced through. Have fun dealing with those ISPs that are in jurisdictions that do not care about North American law.
    Even then with how a lot of proxies work, how do you plan on tracking down the exact user when they might only have encrypted addresses stored in the logs? It'd be quite a feat to get to the end of things. Heck, they might not have even been using their own net connection to begin with. Wireless? Pinched cable? Easy enough.

    Let's hope WHT secure themselves and don't have a third (that I'm aware of) serious security breach too soon

  11. #61
    Join Date
    Apr 2008
    Location
    Bury St Edmunds
    Posts
    160
    I've never understood why hackers, once they found an exploit, f*ck around with it; I'd email iNet with sensitive data retrieved through the exploit, then make them pay me to let them know where it is.

    Hackers are dumb

  12. #62
    Join Date
    Jul 2008
    Posts
    972
    Quote Originally Posted by racked_solutions View Post
    I've never understood why hackers, once they found an exploit, f*ck around with it; I'd email iNet with sensitive data retrieved through the exploit, then make them pay me to let them know where it is.

    Hackers are dumb
    That's not how it'd work, they'd email iNet and be told to **** off, then if something happens iNet know exactly who it was who leaked the info.

  13. #63
    Join Date
    Feb 2006
    Location
    Kusadasi, Turkey
    Posts
    3,379
    Quote Originally Posted by racked_solutions View Post
    We're not asking if they're current, we're asking whether the hacker has a dump of this data
    The PM table has around 1,400,000 entries, averaging at 500 bytes per message. This would make the total dump 667 MBs of data.

    The reaction time to the hack attempt was short enough to prevent generation of such a large dump, and prevent it from being downloaded.

    By comparison, the stolen user table was only 20 MBs in size. And the stolen version was a stripped down version of the user table, to decrease the size.

    So, it's safe to assume the PMs were not stolen in bulk (unless they targeted specific PMs). But looking at the damage done, the hacker was not interested in a targeted hack, but was interested in a bulk clean up. So I would assume the PMs are safe, they are too much to steal.

    And by the way, what the heck do you share on PMs? Root passwords, credit card numbers? Most important data I transmit is my paypal address, which the hacker can use to make some donation

  14. #64
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by saintagex View Post
    Whats going on with those of us that have become premium after this backup?
    Sales will be going through receipts and contacting those members.

  15. #65
    I don't know how you stored the backups, but it shouldn't be much of an issue to recover the deleted data if the hacker didn't do too many overwrites. I'm sure you already have a data recovery company on the job though.
    Eleven2 Web Hosting - World-Wide Hosting, Done Right!

  16. #66
    Join Date
    Jul 2008
    Posts
    972
    Quote Originally Posted by Harzem View Post
    By comparison, the stolen user table was only 20 MBs in size. And the stolen version was a stripped down version of the user table, to decrease the size.
    That's because it was stripped down to only username, salt, email and pw, in reality I'm sure the table is at least 10x that size. The hacker managed to destroy the backups and take a dump of the user table, what's to say they didn't dump the entire DB, but only posted the user table publicly?

  17. #67
    Join Date
    Aug 2004
    Location
    Canada
    Posts
    3,785
    The scariest part of all of this is we saw a noticeable drop in the traffic to our website. Time to diversify my forum whoring
    Tony B. - Chief Executive Officer
    Hawk Host Inc. Proudly serving websites since 2004
    Quality Shared and Cloud Hosting
    PHP 5.2.x - PHP 8.1.X Support!

  18. #68
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by The Dude View Post
    (It can be done)
    If there's retrievable info on the drive.

  19. #69
    Join Date
    Jul 2005
    Location
    Edinburgh
    Posts
    3,883
    hmm...

    good luck wht

    you have my support as always.

    owm
    ‹(¿)›
    Life's what you make it.

  20. #70
    Join Date
    Jun 2004
    Location
    Hyderabad India
    Posts
    1,103
    Hi, what about the off site tape backups, say weekly means you might lose only a week's data.

    Also I wonder how exactly a backup server can be known to an outsider person and initiate a hack attempt from that host unless he is insider or friend to insider.

  21. #71
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by ThinkSupport View Post
    I am wondering.. does this mean all those who had signup recently have lost their accounts as well?
    If they signed up after October, of course they haven't signed up.

  22. #72
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by citricsquid View Post
    oh come on, you're not serious, right? You're comfortable knowing that there's hundreds/thousands of people sitting in front of their computers with a copy of your password, and every other member's? I know I'm not.
    What scares me more than a double-hashed password of mine being out there (a password I use in only one place and change regularly IMHO) is the fact that if they had full access to the DB servers they *very* easily could have dumped every table and gotten PM's, Premium Member PayPal addresses, etc... There are surely root passwords in PMs from other members - why on earth you would send a root PW in a PM is beyond me but I know a few individuals I speak with on WHT and outside of WHT have sent this information.

    This could end up being catastrophic for iNet/WebHostingTalk if the hackers actually dumped more confidential information - I hope that it's not going to be any larger an issue than it already is but if businesses begin to be compromised due to this and damages caused iNet could find themselves in some *very* hot water very quickly.

    Quote Originally Posted by a2b2 View Post
    Does the DB include a copy of our PM's etc?
    They most certainly had access to the DB server so they theoretically could have dumped any tables they wanted - I wouldn't hold my breath in saying that it wasn't copied.

    If you passed any sensitive information via PMs or other means on the forum I recommend anybody who did so to *change* the passwords or to take any other necessary security actions as soon as possible.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.

  23. #73
    Join Date
    Feb 2004
    Location
    Australia
    Posts
    121
    Is this an attack on VB.. some 0day exploit?

    lol each time i post my posts get edited.. ???
    Last edited by strat; 03-23-2009 at 02:10 PM. Reason: An ordering URL would be nice...

  24. #74
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by strat View Post
    Is this an attack on VB.. some 0day exploit?

    lol each time i post my posts get edited.. ???
    It was a direct hack on the database servers, not a vBulletin exploit.
    Last edited by Wrench; 10-14-2008 at 08:10 PM. Reason: mispelling

  25. #75
    Join Date
    Apr 2008
    Location
    Bury St Edmunds
    Posts
    160
    Quote Originally Posted by Krazy View Post
    Hi, what about the off site tape backups, say weekly means you might lose only a week's data.

    Also I wonder how exactly a backup server can be known to an outsider person and initiate a hack attempt from that host unless he is insider or friend to insider.
    That's a good point, how would an outside hacker find your database server? I'm sure you can't publicly access it through protocols such as HTTP, unless they did extensive network scanning and sniffing.