  1. #1
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    32,778

    WHT Data - Q&A Information

    What do we know about the damage done?

    This attack was very deliberate, sophisticated and calculated. The attacker was able to circumvent our security measures and access via an arcane backdoor protected by an additional firewall. We are still investigating the situation, but we know the attacker infiltrated and deleted the backups first and then deleted three databases: user/post/thread. We have no record or evidence that private message data was accessed. Absolutely no credit card or PayPal data was exposed.


    Do we know the motivation behind the attack?

    We don’t know enough at this time, so any insight would be purely speculative in nature. WHT is a platform where positive and negative information is shared and exposed about business and individuals. Under TOS policy, we cannot edit or remove user-generated content at the request of an unsatisfied third party. Therefore, WHT tends to become the target for disgruntled individuals and businesses.


    Have we been able to restore more recent back-ups?

    The offsite backup, the onsite backup and the operational data were destroyed by the attacker, so we’ve resorted to a physical back-up of last resort. Unfortunately, we are experiencing difficulty restoring from our most recent physical backup. At this point, October is the most recent backup that we were able to restore. We continue to work to extract data from a more recent set of DVDs.


    What is WHT focused on doing now?

    The first priority, which kicked in immediately upon discovering the hack while in process, was locking down the infrastructure to avoid further damage and restoring the site. We also had to block the potential for a repeat attack. Now we are working on investigating how much prior data is restorable, reinstating premium memberships, contacting business partners, and communicating with the community members. We are also doing everything possible to identify the attacker and bring them to justice. Disappointments happen – we are working hard to restore trust among community members and to bring things back to normal.


    Is WHT doing anything different due to this attack?

    WHT has been targeted before and our infrastructure has withstood previous attacks. However, following this well-planned and targeted attack, we will be altering aspects of our architecture to ensure that this type of attack does not happen again. Needless to say, we have learned from this situation and will address any discrepancies accordingly.

    We had three protected data back-up units, with one offsite behind a firewall, and a fourth physical data back-up layer. We evaluated our disaster recovery plan as recently as late 2008, and carefully reviewed how to recover from a disaster situation. The attacker appeared to have deliberately targeted our data back-up systems, a scenario that our disaster recovery plan did not fully anticipate. We have implemented changes to our data backup and disaster recovery plans to address this weakness. And we advise others to consider a scenario of deliberate, malicious data destruction in their backup and recovery plans.


    What should members do now?

    The password encryption technology we use is strong for securing non-financial data. However, we suggest that members change their passwords frequently and do not use the same user name and password for the forum as they may use for more sensitive services like online banking. If a member feels more comfortable changing their password, then we recommend that they do what makes them feel more secure.

    A concern is that members may receive more spam because the attacker posted stolen email addresses on file sharing sites. I haven’t personally seen an increase in the amount of spam I usually receive to my email address, but it is a risk that we cannot easily alleviate. As we become aware of specific file sharing sites with these email addresses, we are requesting that the emails be removed promptly. So far, most have been quick to comply.

    What if I can’t use my WHT account?

    We are temporarily using a version of the database from October 2008. This means that if you joined WHT after October 2008, you’ll need to register again to post now. We may still be able to recover your account, but we don’t know yet. Please register with the same username you used before.

    If you joined WHT before October 2008 and get a password error, the system is probably asking for the password you were using in October 2008. If you don’t remember your previous password and have access to the email address for your WHT account in October 2008, please use the password recovery tool.

    For help accessing your account, please open a helpdesk ticket.

    If you’ve subscribed to a Premium or Corporate membership prior to October 2008, someone from iNET has contacted you by now. If you’ve subscribed (or re-subscribed) since October 2008 and haven’t heard from iNET, please contact us on the helpdesk.

    Moving forward ...

    We take the protection of user-contributed data very seriously, and we strongly regret what happened. iNET has a sophisticated infrastructure with advanced security. Yet even institutions that spend millions of dollars a year on Internet security are exploited. Anyone recall NASA being hacked some years back?

    It’s not what you’ve done, it’s what you do. And from this day forward, we continue.

    We’ve been overwhelmed by all the offers of help and support we’ve received from our members. What can I say about that beyond my heartfelt thanks? I love this community!
    Last edited by SoftWareRevue; 03-24-2009 at 03:40 PM. Reason: Durned typos
    There is no best host. There is only the host that's best for you.

  2. #2
    Join Date
    Oct 2003
    Location
    Scotland, UK
    Posts
    2,899
    Great to see these questions all answered in one place.

    Here's hoping the data can be recovered.
    Alasdair

  3. #3
    Join Date
    May 2004
    Location
    Singapore
    Posts
    366
    Google cache or archive.org could be used to restore the missing part of WHT if all attempts fail.

  4. #4
    Join Date
    Mar 2004
    Posts
    1,431
    Just when you think you have all the technology in place for security, along comes "social engineering". So, with that in mind, there is no such thing as 100% secure. We live, and we learn. I hope to someday have a site as popular and valuable as this one someday so I can set out to make it 100% secure. That is always the goal.
    Dave

  5. #5
    Join Date
    Feb 2006
    Location
    Buffalo NY
    Posts
    1,253
    So was this purely an exploit / software based intrusion or was there social engineering or the sorts involved?
    Cody R. - Chief Technical Officer
    Quality Shared and VPS Hosting
    Hawk Host Inc. Proudly serving websites since 2004
    PHP 5.3.x & PHP 5.4.x & PHP 5.5.X Support!

  6. #6
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    32,778
    Quote: Originally posted by citricsquid
    Not advanced enough, clearly. We know what happened was regrettable or whatever, but trying to say WHT was secure is treating us as fools.
    I won't have any trolling in this thread. If you want to simply complain and state that a seemingly secure network cannot be vulnerable to a determined thief, go somewhere else. I'm pretty sure we all get it.
    Last edited by SoftWareRevue; 03-24-2009 at 04:36 PM.
    There is no best host. There is only the host that's best for you.

  7. #7
    Join Date
    Dec 2002
    Location
    Los Angeles
    Posts
    559
    Once the monkeys get into your tree it's difficult to shake them out permanently. You can bet that it was the same person or persons who got in last year, if not them, someone who worked with them or used their information for the second (?), more comprehensive strike.

    But to lay blame at the feet of the company that manages this monster is pointless. No one is prepared for every eventuality. No one. Back in the day they used to say the only way to really protect a networked server is to remove it from the network. And not much has changed since then.

    You don't have to trust these guys. It's a forum, last time I checked, participation was voluntary. If your trust has been shattered and the foundations of your very existence rocked by this tragedy, then go someplace safe and warm and forget about this beehive. I don't think anyone was cast into a pit of financial ruin or driven to the brink of suicide by this episode. In the grand scheme of things, what's the worst possible outcome? People lose some posts? Your premium membership is unavailable for a few days? Oh my, how will we ever survive?

    With everything collapsing and crumbling around the world (hello Iceland!) bitching about this just makes you look like someone with way too much time on their hands. Take a deep breath, pull your socks up, get over it.
    datapimp - You only get one soul, ya dig?

  8. #8
    Join Date
    May 2001
    Location
    Dayton, Ohio
    Posts
    4,903
    Quote: Originally posted by CodyRo
    So was this purely an exploit / software based intrusion or was there social engineering or the sorts involved?
    There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.

    Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.
    Last edited by The Prohacker; 03-24-2009 at 04:55 PM.

  9. #9
    Join Date
    Nov 2007
    Location
    India
    Posts
    843
    This is a hard time for WHT; now we have to help the community admins overcome the hard time.

  10. #10
    Join Date
    Jan 2004
    Location
    NJ, USA
    Posts
    288
    Was wondering why my old thread had gone MIA.

    Looks like you guys are doing everything you can to prevent something like this from happening again, as well as trying to recover as much information as possible.

  11. #11
    Hi Everyone,

    To the team working on restoring the site, I just want to say good work so far, and don't forget to get some rest.
    Ijan Kruizinga
    Crucial Paradigm - Reliable, Professional • 24/7 Support • Web Hosting • Reseller Hosting • Virtual Dedicated Servers • Dedicated Servers • Remote Backup

  12. #12
    Join Date
    Mar 2009
    Location
    Houston, TX
    Posts
    1,062
    iNet is trying their best to help rectify the issues at hand; complaining about it will not help this situation at all.

    Thank you for the brief Q/A as I'm sure many visitors will find this helpful.

  13. #13
    Join Date
    Feb 2006
    Location
    Buffalo NY
    Posts
    1,253
    Quote: Originally posted by The Prohacker
    There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.

    Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.
    That's exactly why I was curious about social engineering (or "inside job" but that's a bit too conspiracy like for me) - just seemed like for the perfect storm to happen it had to be a mix of things.

    Thanks for the information
    Cody R. - Chief Technical Officer
    Quality Shared and VPS Hosting
    Hawk Host Inc. Proudly serving websites since 2004
    PHP 5.3.x & PHP 5.4.x & PHP 5.5.X Support!

  14. #14
    Join Date
    Nov 2003
    Location
    Amidst several dimensions
    Posts
    4,321
    I'm sure there are numerous people in this community who would be able to easily hand the attacker's ass over to him/her/them if any trackable info about the attacker is released to the public.

    It's stupid to attack internet communities. No one would care about hacking of FBI, CIA, NASA sites, some even may approve. But attacking community sites is rather dangerous. I wouldn't do that.

  15. #15
    Join Date
    Jan 2006
    Location
    Athens, Greece
    Posts
    1,479
    May I ask as per thread title,
    is there any chance that there are any traces left from the attackers?