WHT Data - Q&A Information

  #1  
iNET Senior Community Advisor
 
Join Date: Jun 2001
Location: Kalamazoo
Posts: 32,637

WHT Data - Q&A Information


What do we know about the damage done?

This attack was very deliberate, sophisticated and calculated. The attacker was able to circumvent our security measures and access via an arcane backdoor protected by an additional firewall. We are still investigating the situation, but we know the attacker infiltrated and deleted the backups first and then deleted three databases: user/post/thread. We have no record or evidence that private message data was accessed. Absolutely no credit card or PayPal data was exposed.


Do we know the motivation behind the attack?

We don’t know enough at this time, so any insight would be purely speculative in nature. WHT is a platform where positive and negative information is shared and exposed about business and individuals. Under TOS policy, we cannot edit or remove user-generated content at the request of an unsatisfied third party. Therefore, WHT tends to become the target for disgruntled individuals and businesses.


Have we been able to restore more recent back-ups?

The offsite backup, the onsite backup and the operational data were destroyed by the attacker, so we’ve resorted to a physical back-up of last resort. Unfortunately, we are experiencing difficulty restoring from our most recent physical backup. At this point, October is the most recent backup that we were able to restore. We continue to work to extract data from a more recent set of DVDs.


What is WHT focused on doing now?

The first priority, which kicked in immediately upon discovering the hack while in process, was locking down the infrastructure to avoid further damage and restoring the site. We also had to block the potential for a repeat attack. Now we are working on investigating how much prior data is restorable, reinstating premium memberships, contacting business partners, and communicating with the community members. We are also doing everything possible to identify the attacker and bring them to justice. Disappointments happen – we are working hard to restore trust among community members and to bring things back to normal.


Is WHT doing anything different due to this attack?

WHT has been targeted before and our infrastructure has withstood previous attacks. However, following this well-planned and targeted attack, we will be altering aspects of our architecture to ensure that this type of attack does not happen again. Needless to say, we have learned from this situation and will address any discrepancies accordingly.

We had three protected data back-up units, with one offsite behind a firewall, and a fourth physical data back-up layer. We evaluated our disaster recovery plan as recently as late 2008, and carefully reviewed how to recover from a disaster situation. The attacker appeared to have deliberately targeted our data back-up systems, a scenario that our disaster recovery plan did not fully anticipate. We have implemented changes to our data backup and disaster recovery plans to address this weakness. And we advise others to consider a scenario of deliberate, malicious data destruction in their backup and recovery plans.


What should members do now?

The password encryption technology we use is strong for securing non-financial data. However, we suggest that members change their passwords frequently and do not use the same user name and password for the forum as they may use for more sensitive services like online banking. If a member feels more comfortable changing their password, then we recommend that they do what makes them feel more secure.

A concern is that members may receive more spam because the attacker posted stolen email addresses on file sharing sites. I haven’t personally seen an increase in the amount of spam I usually receive to my email address, but it is a risk that we cannot easily alleviate. As we become aware of specific file sharing sites with these email addresses, we are requesting that the emails be removed promptly. So far, most have been quick to comply.

What if I can’t use my WHT account?

We are temporarily using a version of the database from October 2008. This means that if you joined WHT after October 2008, you’ll need to register again to post now. We may still be able to recover your account, but we don’t know yet. Please register with the same username you used before.

If you joined WHT before October 2008 and get a password error, the system is probably asking for the password you were using in October 2008. If you don’t remember your previous password and have access to the email address for your WHT account in October 2008, please use the password recovery tool.

For help accessing your account, please open a helpdesk ticket.

If you’ve subscribed to a Premium or Corporate membership prior to October 2008, someone from iNET has contacted you by now. If you’ve subscribed (or re-subscribed) since October 2008 and haven’t heard from iNET, please contact us on the helpdesk.

Moving forward ...

We take the protection of user-contributed data very seriously, and we strongly regret what happened. iNET has a sophisticated infrastructure with advanced security. Yet even institutions that spend millions of dollars a year on Internet security are exploited. Anyone recall NASA being hacked some years back?

It’s not what you’ve done, it’s what you do. And from this day forward, we continue.

We’ve been overwhelmed by all the offers of help and support we’ve received from our members. What can I say about that beyond my heartfelt thanks? I love this community!

__________________
.
There is no best host. There is only the host that's best for you.


Last edited by SoftWareRevue; 03-24-2009 at 03:40 PM. Reason: Durned typos


  #2  
Retired Moderator
 
Join Date: Oct 2003
Location: Scotland, UK
Posts: 2,898
Great to see these questions all answered in one place.

Here's hoping the data can be recovered.

__________________
Alasdair - SolidPHP, Inc.
SPBAS - Business Automation Software for web hosts, web-applications, PHP licensing and digital goods delivery.
Customer management, billing & invoicing, email marketing, integrated helpdesk, multiple brands support & more.
Now with Web Hosting and Domain Reg/Transfer/Renew Support!

  #3  
Aspiring Evangelist
 
Join Date: May 2004
Location: Singapore
Posts: 364
Google cache or archive.org could be used to restore the missing part of WHT if all attempts fail.

__________________
Website Monitoring . Web Host Ranking

  #4  
Web Hosting Guru Wannabe
 
Join Date: Mar 2004
Posts: 1,361
Just when you think you have all the technology in place for security, along comes "social engineering". So, with that in mind, there is no such thing as 100% secure. We live, and we learn. I hope to someday have a site as popular and valuable as this one so I can set out to make it 100% secure. That is always the goal. Dave

  #5  
Web Hosting Master
 
Join Date: Feb 2006
Location: Buffalo NY
Posts: 1,240
So was this purely an exploit / software based intrusion or was there social engineering or the sorts involved?

__________________
Cody R. - Chief Technical Officer
Quality Shared and VPS Hosting
Hawk Host Inc. Proudly serving websites since 2004
PHP 5.3.x & PHP 5.4.x & PHP 5.5.X Support!

  #6  
iNET Senior Community Advisor
 
Join Date: Jun 2001
Location: Kalamazoo
Posts: 32,637
Quote:
Originally Posted by citricsquid View Post
Not advanced enough, clearly. We know what happened was regrettable or whatever, but trying to say WHT was secure is treating us as fools.
I won't have any trolling in this thread. If you want to simply complain and state that a seemingly secure network cannot be vulnerable to a determined thief, go somewhere else. I'm pretty sure we all get it.

__________________
.
There is no best host. There is only the host that's best for you.


Last edited by SoftWareRevue; 03-24-2009 at 04:36 PM.
  #7  
Web Hosting Master
 
Join Date: Dec 2002
Location: Los Angeles
Posts: 559
Once the monkeys get into your tree it's difficult to shake them out permanently. You can bet that it was the same person or persons who got in last year, if not them, someone who worked with them or used their information for the second (?), more comprehensive strike.

But to lay blame at the feet of the company that manages this monster is pointless. No one is prepared for every eventuality. No one. Back in the day they used to say the only way to really protect a networked server is to remove it from the network. And not much has changed since then.

You don't have to trust these guys. It's a forum, last time I checked, participation was voluntary. If your trust has been shattered and the foundations of your very existence rocked by this tragedy, then go someplace safe and warm and forget about this beehive. I don't think anyone was cast into a pit of financial ruin or driven to the brink of suicide by this episode. In the grand scheme of things, what's the worst possible outcome? People lose some posts? Your premium membership is unavailable for a few days? Oh my, how will we ever survive?

With everything collapsing and crumbling around the world (hello Iceland!) bitching about this just makes you look like someone with way too much time on their hands. Take a deep breath, pull your socks up, get over it.

__________________
datapimp - You only get one soul, ya dig?

  #8  
iNET Interactive
 
Join Date: May 2001
Location: Dayton, Ohio
Posts: 4,897
Quote:
Originally Posted by CodyRo View Post
So was this purely an exploit / software based intrusion or was there social engineering or the sorts involved?
There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.

Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.


Last edited by The Prohacker; 03-24-2009 at 04:55 PM.
  #9  
Web Hosting Master
 
Join Date: Nov 2007
Location: India
Posts: 843
This is a hard time for WHT; now we have to help the community admins to overcome the hard time.

  #10  
Web Hosting Guru
 
Join Date: Jan 2004
Location: NJ, USA
Posts: 288
Was wondering why my old thread had gone MIA.

Looks like you guys are doing everything you can to prevent something like this from happening again, as well as trying to recover as much information as possible.

__________________


  #11  
Junior Guru Wannabe
 
Join Date: Oct 2006
Posts: 62
Hi Everyone,

To the team working on restoring the site, I just want to say good work so far and don't forget to get some rest.

__________________
Ijan Kruizinga
Crucial Paradigm - Reliable, Professional• 24/7 Support • Web Hosting • Reseller Hosting • Virtual Dedicated Servers • Dedicated Servers • Remote Backup

  #12  
The Master @ Making Deals!
 
Join Date: Mar 2009
Location: Houston, TX
Posts: 1,043
iNet is trying their best to help rectify the issues at hand; complaining about it will not help this situation at all.

Thank you for the brief Q/A as I'm sure many visitors will find this helpful.

  #13  
Web Hosting Master
 
Join Date: Feb 2006
Location: Buffalo NY
Posts: 1,240
Quote:
Originally Posted by The Prohacker View Post
There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.

Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.
That's exactly why I was curious about social engineering (or "inside job" but that's a bit too conspiracy like for me) - just seemed like for the perfect storm to happen it had to be a mix of things.

Thanks for the information

__________________
Cody R. - Chief Technical Officer
Quality Shared and VPS Hosting
Hawk Host Inc. Proudly serving websites since 2004
PHP 5.3.x & PHP 5.4.x & PHP 5.5.X Support!

  #14  
Disabled
 
Join Date: Nov 2003
Location: Amidst several dimensions
Posts: 4,321
I'm sure there are numerous people in this community who would be able to easily hand the attacker's ass over to him/her/them if any trackable info about the attacker is released to the public.

It's stupid to attack internet communities. No one would care about hacking of FBI, CIA, NASA sites, some even may approve. But attacking community sites is rather dangerous. I wouldn't do that.

  #15  
Community Guide
 
Join Date: Jan 2006
Location: Athens, Greece
Posts: 1,479
May I ask as per thread title,
is there any chance that there are any traces left from the attackers?

__________________

