Page 4 of 22 FirstFirst 123456714 ... LastLast
Results 76 to 100 of 537
  1. #76
    Join Date
    Feb 2004
    Location
    Australia
    Posts
    121
    Quote Originally Posted by MikeDVB View Post
    It was a direct hack on the database servers, not a vBulletin exploit.
    Thought so.. just checking.. thanks
      0 Not allowed!

  2. #77
    Join Date
    Jan 2004
    Posts
    1,184
    This is very said.... not the hack but the backup part....

    The hack can happen to anyone but not having backups and making it securely it's a BIG mistake....

    Mable it's a fall that needed to be taken to learn the lesson.


    Any way good luck guys!

    PS: Mind telling us how heavy is wht (backup wise curios)?
      0 Not allowed!

  3. #78
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by racked_solutions View Post
    Thats a good point how would a outside hacker find your database server. Im sure you cant publicly access it through protocols such as http. unless they did extensive network scanning and sniffing
    Or the security wasn't as good as it should have been (i.e. publicly available DB servers). Who knows, it's pure speculation at this point and I'm sure WebHostingTalk isn't going to publicly admit to any fault - it's not a wise business decision to do so.

    Quote Originally Posted by strat View Post
    Thought so.. just checking.. thanks
    Sure
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.
      0 Not allowed!

  4. #79
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    My question is, if you flick your mind back to the password reset it was never answered weather inet wanted to steal our passwords or if someone accessed the server and changed login.php. I guess we have the answer to this now but there are some serious questions inet need to answer for themselves,

    What was actually done when the page was first compromised back then, from here it just sounds like it was brushed off.

    How on earth was someone able to access your database and backup systems, why are these even accessible to the public internet?

    What is the point in me even typing more, frankly you didn't take the first warnings seriously enough and you are solely to blame for this compromise. That is all there is to it.
      0 Not allowed!

  5. #80
    Join Date
    Sep 2005
    Location
    In canada
    Posts
    3,374
    O no bunny infractions are back !! Opening a ticket now, what did bunny do to deserve this
    12+ years -same website , new server [SSD Inside] providing shared/reseller hosting only !
    These things we do not provide/offer : Unlimited Storage ! Unlimited Bandwidth ! But Why? Cause, we were unable to put such a large number on our pages, it just would not fit.
    So check out the numbers that actually fit >> << the page as well as your budget too !
      0 Not allowed!

  6. #81
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by Scott.Mc View Post
    My question is, if you flick your mind back to the password reset it was never answered weather inet wanted to steal our passwords or if someone accessed the server and changed login.php. I guess we have the answer to this now but there are some serious questions inet need to answer for themselves,

    What was actually done when the page was first compromised back then, from here it just sounds like it was brushed off.
    I don't know that you'll get any useful information.

    Quote Originally Posted by Scott.Mc View Post
    How on earth was someone able to access your database and backup systems, why are these even accessible to the public internet?
    My guess is that the webserver/s was/were compromised and then used to access the backup servers. This would have allowed the hacker access to the backup servers over private lan and allowed them to do what they needed.

    Quote Originally Posted by Scott.Mc View Post
    What is the point in me even typing more, frankly you didn't take the first warnings seriously enough and you are solely to blame for this compromise. That is all there is to it.
    Who knows, this could be an entirely different attack of an entirely different manner. If it is the same thing then perhaps - but I'm sure nobody is going to say it is.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.
      0 Not allowed!

  7. #82
    Join Date
    Jan 2005
    Location
    Scotland, UK
    Posts
    2,681
    Quote Originally Posted by MikeDVB View Post
    I don't know that you'll get any useful information.

    My guess is that the webserver/s was/were compromised and then used to access the backup servers. This would have allowed the hacker access to the backup servers over private lan and allowed them to do what they needed.

    Who knows, this could be an entirely different attack of an entirely different manner. If it is the same thing then perhaps - but I'm sure nobody is going to say it is.
    We will never know but can make most likely valid assumptions, given the way these "incidents" have been handled in the past no doubt some half truth story will come out and blame everyone and everything else.
      0 Not allowed!

  8. #83
    Join Date
    Jan 2004
    Posts
    1,184
    Quote Originally Posted by nexbyte View Post
    Also to people calling someone who pulled off a hack like this a person with "no life" is absolutely retarded.

    If the guy can take down a huge site and/or buisness, what makes you think that a huge buisness would not employ him for a good salary to handle security? They are obviously (and moreso) up to date on the latest security flaws and strategies, and also have access to exploits distributed amongst the underworld.

    Most of the "top hackers" dont go to jail, they get good jobs instead.
    It's because of this that people have no respect our morals anymore.

    I will place my bet on that girl that found the Intel bug..... (That hacked wht)

    Also I would place the image verification stuff everywhere in WHT (search/login/register and etc) to stop the automated vul. searches.


    Good luck and hope the person that did this get's little punished like Kevin did in the 90’s.
      0 Not allowed!

  9. #84
    Join Date
    Apr 2008
    Location
    Bury St Edmunds
    Posts
    160
    Quote Originally Posted by Energizer Bunny View Post
    O no bunny infractions are back !! Opening a ticket now, what did bunny do to deserve this
    you left the top secret high security back door open to the all important backups naughty bunny heres a infraction
      0 Not allowed!

  10. #85
    Join Date
    Sep 2008
    Posts
    191
    Quote Originally Posted by Scott.Mc View Post
    My question is, if you flick your mind back to the password reset it was never answered weather inet wanted to steal our passwords or if someone accessed the server and changed login.php. I guess we have the answer to this now but there are some serious questions inet need to answer for themselves,
    Didn't that happen at the same time that Google Cache helpfully showed that WHT had C99 (shell script) on the forum? Goodness knows what was compromised that time.
      0 Not allowed!

  11. #86
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by Scott.Mc View Post
    We will never know but can make most likely valid assumptions
    Well, you know what they say about assumptions ...

    And you're right. I'm not going to address your posts. You obviously didn't read mine.

    I have no qualms about stating exactly what happened. But the truth is, we may never know.

    Of course, we hope we can get the information off the drives. But I'm certainly not going to state that we will. And without that information, I can't state that we'll post how someone gained access, because it's possible we won't know.

    Now move on with the conspiracy theories, please.
    There is no best host. There is only the host that's best for you.
      0 Not allowed!

  12. #87
    Join Date
    Jul 2005
    Posts
    3,784
    Any plans to update vB if it's not already the latest?
      0 Not allowed!

  13. #88
    Join Date
    Dec 2007
    Location
    Indiana, USA
    Posts
    19,178
    Quote Originally Posted by SoftWareRevue View Post
    Of course, we hope we can get the information off the drives. But I'm certainly not going to state that we will. And without that information, I can't state that we'll post how someone gained access, because it's possible we won't know.
    That in and of itself is a very dangerous statement to make because if you don't know how it happened, you don't know how to prevent it.
    Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
    Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
    cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
    Class-leading support that responds in minutes, not days.
      0 Not allowed!

  14. #89
    Join Date
    Sep 2006
    Location
    Cardiff - United Kingdom
    Posts
    1,569
    Quote Originally Posted by SoftWareRevue View Post
    Well, you know what they say about assumptions ...

    And you're right. I'm not going to address your posts. You obviously didn't read mine.

    I have no qualms about stating exactly what happened. But the truth is, we may never know.

    Of course, we hope we can get the information off the drives. But I'm certainly not going to state that we will. And without that information, I can't state that we'll post how someone gained access, because it's possible we won't know.

    Now move on with the conspiracy theories, please.
    I've read all of this thread (and the 17 page monster before, the one which the idiot hacker posted in), however I'm still a little unclear on the following (sorry if I missed it):

    *If* the data in the backup server cannot be salvaged for whatever reason (which really wouldn't be your fault), would WHT stay as it is currently (i.e. at an October 2008 revision on many things)?
      0 Not allowed!

  15. #90
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by SoftWareRevue View Post
    Well, you know what they say about assumptions ...

    And you're right. I'm not going to address your posts. You obviously didn't read mine.

    I have no qualms about stating exactly what happened. But the truth is, we may never know.

    Of course, we hope we can get the information off the drives. But I'm certainly not going to state that we will. And without that information, I can't state that we'll post how someone gained access, because it's possible we won't know.

    Now move on with the conspiracy theories, please.
    All I can say is this can not happen again.

    I understand the staff is doing there best to fix things as quickly and completely as possible.

    But really I don't think many will tolerate another issues like this.

    I know if I was new member I might leave because of this.

    I'm not of course. I know stuff can happen.

    But i'm just repeating myself.
    Last edited by HNLV; 10-14-2008 at 08:40 PM.
      0 Not allowed!

  16. #91
    Join Date
    Jul 2008
    Location
    France
    Posts
    105
    The negative feedback here is a waste of time. WHT is more aware of the **** up then anyone else since its happened to them. If you not here to offer help then why bother posting? We get it, your upset, get over it and help fix things.

    Site guy whoever you are, its a long shot but see if you can retrieve anything using tools like gpart you might get lucky. Do it on the backup server as well. Tracing them...you'll have more luck telling us where the dbase has been posted even more luck finding them if you can tell us where it was posted first. Someone will be bragging about this sooner or later but even if you do find them its not gonna help much.
    In case you don't already do this... make a simple local backup nightly as well holding back 7 days if you can. Remove any trusted ssh keys from the backup server to this one unless they are totally nessessary and lastly... think about hiding this server from both the backup server and the rest of the world it will give you an extra layer of protection and you no doubt daily hacker wannabe attempts a dud host to exploit that holds no information whatsoever of any importance. Also try not to use remote sql backup software as this often requires too much access level to complete its jobs, rather do em locally and have the backup pick them up securely with no relationship to sql.

    For everyone it's easy to criticize someone else's security until it happens to you and until it does you have no idea how vulnerable you really are. Remember, if someone wants to hack you and they are good enough... they will hack you eventually. After all, isnt that how we progress in the field of security..

    If theres anything you need at WHT, help or whatever, im available and no this aint a sales pitch lol i just want to see your vast database restored to its former glory it would be a shame to permanently loose all that data.
      0 Not allowed!

  17. #92
    I am happy to see WHT back online (again)

    But it is really depressing to see that WHT has backed up DB using such an old backup. (I mean, com’on; Octoer 2008 ) I am sure it’s not just the post count that others are complaining about; we have lost so many valuable and informative threads.

    I still hope that iNet staff will be able to recover most (if not all) data.
    Find solution to every problem ---> Google.com
      0 Not allowed!

  18. #93
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by MikeDVB View Post
    That in and of itself is a very dangerous statement to make because if you don't know how it happened, you don't know how to prevent it.
    Agreed it doesn't sound good.

    I would argue its time for a complete review of the setup WHT uses.



    Quote Originally Posted by chaosuk View Post
    The negative feedback here is a waste of time. WHT is more aware of the **** up then anyone else since its happened to them. If you not here to offer help then why bother posting? We get it, your upset, get over it and help fix things.

    Site guy whoever you are, its a long shot but see if you can retrieve anything using tools like gpart you might get lucky. Do it on the backup server as well. Tracing them...you'll have more luck telling us where the dbase has been posted even more luck finding them if you can tell us where it was posted first. Someone will be bragging about this sooner or later but even if you do find them its not gonna help much.
    In case you don't already do this... make a simple local backup nightly as well holding back 7 days if you can. Remove any trusted ssh keys from the backup server to this one unless they are totally nessessary and lastly... think about hiding this server from both the backup server and the rest of the world it will give you an extra layer of protection and you no doubt daily hacker wannabe attempts a dud host to exploit that holds no information whatsoever of any importance. Also try not to use remote sql backup software as this often requires too much access level to complete its jobs, rather do em locally and have the backup pick them up securely with no relationship to sql.

    For everyone it's easy to criticize someone else's security until it happens to you and until it does you have no idea how vulnerable you really are. Remember, if someone wants to hack you and they are good enough... they will hack you eventually. After all, isnt that how we progress in the field of security..

    If theres anything you need at WHT, help or whatever, im available and no this aint a sales pitch lol i just want to see your vast database restored to its former glory it would be a shame to permanently loose all that data.
    With all do respect. WHT should not have this kind of issue. They have more than enough resources at their disposal.

    Rack space and iNet should be able to prevent issues like this from happening. Or at least have better ways to deal with it. Its obvious one back up server isn't enough. Among various other problems.

    This is at least the second time WHT has been hacked. I think we all know that WHT is targeted. We can assume that partly from he use of proxy shield.

    This is most defiantly a big black eye to the forum.
      0 Not allowed!

  19. #94
    Join Date
    Feb 2006
    Location
    Philadelphia, PA
    Posts
    612
    I guess iNet is working to make sure it doesn't happen to any of their other sites as well now, since I would imagine some of them use similar setups .
      0 Not allowed!

  20. #95
    Join Date
    Oct 2004
    Location
    San Francisco, CA
    Posts
    394
    I noticed a lot of people complaining about their post counts and a lot of people telling them that it's merely a number and there's more to WHT. But, it's not the number that mattered, it's the information that was posted and is now lost. I've lost almost 20+ reviews...

    I wish all the luck to the WHT staff in getting things restored because there was a lot of valuable information lost. Not just the post number...

    If I ran a company that has as much earning power as WHT, I would make sure to invest a good amount into state of the art security and backup solutions.
      0 Not allowed!

  21. #96
    Join Date
    Feb 2006
    Location
    Pakistan/India/USA
    Posts
    322

    Re:

    Dear Dennis,

    Take a look into /var/logs may be you can get some informative information there. I know you have good team but if you need assistance do let me know.

    Best Regards.
    Tom F - VCA-WM, VCA-Cloud, VCA-DCV, CISSO, CPTE, OSCP, RHCE, RHCT
    Maxim Support - Hosting Solutions & Server Management
    Email : tom@maximsupport.com
    Web : http://www.maximsupport.com
      0 Not allowed!

  22. #97
    Join Date
    Aug 2008
    Posts
    176
    Quote Originally Posted by Payton Designs View Post
    I noticed a lot of people complaining about their post counts and a lot of people telling them that it's merely a number and there's more to WHT. But, it's not the number that mattered, it's the information that was posted and is now lost. I've lost almost 20+ reviews...

    I wish all the luck to the WHT staff in getting things restored because there was a lot of valuable information lost. Not just the post number...

    I'd like to know why WHT is still running vB version 3.6?
    Also, why were we able to recover a version 6 months old, and not a version 1 week old?

    If I ran a company that has as much earning power as WHT, I would make sure to invest a good amount into state of the art security and backup solutions.
    I agree on the VB issues.

    As for the security I guess the standards put in place weren't good enough. I'm sure they where expensive knowing Rackspace.
      0 Not allowed!

  23. #98
    Join Date
    Dec 2004
    Location
    Netherlands
    Posts
    384
    If a "hacker" (I dont think that that term qualifies here!) doesnt delete the logs after cleaning the house he/she got to be quite retarded...

    Good luck to the site team to recover this forum!
    Sh*t happends, unfortunately. I just hope I dont get swamped with spam...


    Sincerely,
    - Liroy
      0 Not allowed!

  24. #99
    Join Date
    Jan 2005
    Posts
    2,203
    I can't believe there was no recent local backup of the database. Hope you can recover most of the data.
      0 Not allowed!

  25. #100
    Join Date
    Jun 2006
    Posts
    1,112
    This surely reflects negatively against RackSpace. Nobody knows exactly what Rackspace provide iNet with (if anything? I don't know) but having that lovely "powered by" icon now doesn't look so good.

    I'm wondering where the 6 month backup was stored and why there couldn't have been at least a monthly backup along with it.

    This is all very worrying, alot of information lost and the company image has a big dent in it. When was that last hacking attempt, you know when we had to change our passwords all of a sudden? Not so long ago!

    Ah well, it doesn't effect me too much just p***ed me off a bit.

    I look forward to seeing the missing posts put into place but by that time no doubt more discussions will have made me forget about whatever was here previously.
      0 Not allowed!

Page 4 of 22 FirstFirst 123456714 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •