Page 2 of 9 FirstFirst 12345 ... LastLast
Results 26 to 50 of 213
  1. #26
    Join Date
    Feb 2008
    Location
    Texas, USA
    Posts
    445
    Quote Originally Posted by SoftWareRevue View Post
    I won't have any trolling in this thread. If you want to simply complain and state that a seemingly secure network cannot be vulnerable to a determined thief, go somewhere else. I'm pretty sure we all get it.
    Agreed. Things like this happen and we should move on now. We all know that you guys are doing the best you can, so it's best for us to be patient and to continue our contributions as normal.

    Thanks for the Q&A's.
    HJI Technologies, LLC - A New Uncompromising Experience, Since 2014
    Shared Hosting | Resellers Hosting | VPS Hosting
    Add Incredible Value to YOUR Business | 30-Day Money Back Guarantee*
    Get Started Today! | Sales: (806) 724-8004
      0 Not allowed!

  2. #27
    Join Date
    Jan 2005
    Location
    TX
    Posts
    77
    I hope you guys can recover, really sorry to hear this. I haven't posted in a while, but I know this is a very highly valued forum.
      0 Not allowed!

  3. #28
    Join Date
    Jan 2006
    Location
    London
    Posts
    320

    Talking

    Quote Originally Posted by SoftWareRevue View Post
    We haven't completed a total audit yet. But we're closer to him than he wishes.
    So we know the person is a he.

    Thanks for creating this thread, much easier than reading that 20+ page long thread.

    All the best on the recovery plan!
      0 Not allowed!

  4. #29
    Join Date
    Mar 2009
    Posts
    634
    Thanks for the update and good luck with recovery!
      0 Not allowed!

  5. #30
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by darkeden View Post
    ... and one question. the hacker had to hack the forum before the backup servers right? how would the hacker know the backup servers ip or any information as I dont think its mentioned anywhere.
    No. The backup servers were wiped first. As for how he found them ... unknown at this point.
    There is no best host. There is only the host that's best for you.
      0 Not allowed!

  6. #31
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by igxhost View Post
    ... Hopefully my account along with many others will be restored soon.
    I hear ya. And I'm hoping the same thing.
    There is no best host. There is only the host that's best for you.
      0 Not allowed!

  7. #32
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by Jonathan J View Post
    So we know the person is a he...
    Whoops.

    If I can think of any information we can post that would help anyone recognize him, we'll post it. Maybe together we can ferret him out.
    There is no best host. There is only the host that's best for you.
      0 Not allowed!

  8. #33
    Good luck on this, I think the best solution right now as community members would just to keep posting and keep the forum alive as there is nothing we can do personally on our parts and of course bashing iNet will result to no gain.

    Good luck on the restore.
      0 Not allowed!

  9. #34
    Join Date
    Aug 2003
    Location
    Pittsburgh
    Posts
    3,490
    Quote Originally Posted by Sean M View Post
    ...I think the best solution right now as community members would just to keep posting and keep the forum alive...
    Sounds good to me.
      0 Not allowed!

  10. #35
    Join Date
    Jul 2002
    Location
    Directadmin Core
    Posts
    770
    Quote Originally Posted by CArmstrong View Post
    Sounds good to me.
    Ya, what he said.

    Stop looking back - look toward our future here.
    http://www.hostpc.com
    DirectAdmin servers for hosting, resellers and your dedicated needs.
    Hosting, Resellers, Dedicated Managed and Unmanaged servers
    Hosting since 11/98 - Specializing in DirectAdmin since 8/03
      0 Not allowed!

  11. #36
    Join Date
    Feb 2007
    Location
    USA, UK, Singapore
    Posts
    3,481
    I am not sure if someone else speculated but I suspect this attack should have a hand from someone close to inet or server management team. This is because most of the time it is not revealed to anyone but a few people where the offsite backups are being placed. Looking at the way that attacker planned his attack, I suspect this _can_ be the case and should be considered by the concerned team.

    In any case, we have been with WHT since long and we do understand that such things happen inspite of having good amount of security measures in place. Good luck with getting the backups restored.

    - Rick
    ██ SoftSys Hosting ██ - 14 Years In Business - 24/7 In-House Support - Enterprise Class Replicated Cloud Servers For HA

    Cloud Hosting With Anti-Malware, IDS/IPS, WAF & Litespeed - Windows 2019 Shared Hosting w/ Plesk
      0 Not allowed!

  12. #37
    Quote Originally Posted by SoftsysHosting-Rick View Post
    I am not sure if someone else speculated but I suspect this attack should have a hand from someone close to inet or server management team. This is because most of the time it is not revealed to anyone but a few people where the offsite backups are being placed. Looking at the way that attacker planned his attack, I suspect this _can_ be the case and should be considered by the concerned team.

    In any case, we have been with WHT since long and we do understand that such things happen inspite of having good amount of security measures in place. Good luck with getting the backups restored.

    - Rick
    I am guessing that inet has good background on all of its employees and would not trust someone with the knowledge of this information if they did not trust them and know they would never do anything to harm WHT.
      0 Not allowed!

  13. #38
    Quote Originally Posted by SoftWareRevue View Post
    No. The backup servers were wiped first. As for how he found them ... unknown at this point.
    Maybe he'll post a tutorial in the how-to forum? :-P
      0 Not allowed!

  14. #39
    Join Date
    Apr 2008
    Location
    TX (home), CO (college)
    Posts
    385
    Once the bad guy gets nabbed and/or the databases are restored, I'm back with a vengeance. However at the moment I'm a bit skittish about the whole thing...this should be my 250+th post, not my 3rd. A lot of information was lost Too bad about the physical backups being hard to restore. I'm hoping you guys checked on restoring those in a test environment after you made them?
      0 Not allowed!

  15. #40
    Join Date
    Dec 2007
    Posts
    62
    If you restored a more recent backup of the posts,threads and users database will the data added after the attack be lost ?
    Or you will combine both databases some how ?
      0 Not allowed!

  16. #41
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by RossH View Post
    Maybe he'll post a tutorial in the how-to forum? :-P
    Just because we don't know all the details right now, doesn't mean we'll never know.
    There is no best host. There is only the host that's best for you.
      0 Not allowed!

  17. #42
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by Medhat View Post
    If you restored a more recent backup of the posts,threads and users database will the data added after the attack be lost ?
    Or you will combine both databases some how ?
    I'm pulling for, if we get a backup from last week, we'll be able to keep the posts from this week as well.
    There is no best host. There is only the host that's best for you.
      0 Not allowed!

  18. #43
    It is like the show 24 all over again Go Jack, Go!
      0 Not allowed!

  19. #44
    Join Date
    Feb 2002
    Location
    Australia
    Posts
    24,027
    Quote Originally Posted by SoftWareRevue View Post
    I'm pulling for, if we get a backup from last week, we'll be able to keep the posts from this week as well.
    What are the chances of restoring to last week's backup?
    WLVPN.com NetProtect owned White Label VPN provider
    Increase your hosting profits by adding VPN to your product line up
      0 Not allowed!

  20. #45
    Join Date
    Jan 2006
    Location
    Ontario, Canada
    Posts
    324
    Quote Originally Posted by SoftWareRevue
    Yet even institutions that spend millions of dollars a year on Internet security are exploited. Anyone recall NASA being hacked some years back?
    Yes indeed, I was about 15 when that happened and used to hang out on IRC/DALnet in the same script kiddie channel as the guy (skrilla) who got caught for the attack, the guy had a private rootkit/exploits and had quite a root list, a lot more than just nasa.

    They got busted by going on IRC (newnet) and flaunting nasa.gov (and other) hosts :/

    Good luck recovering the backups, I wish you the best!
    Shared Hosting / Reseller Hosting / Email Hosting
    Dedicated Servers / Unmetered Servers / Linux & Windows VPS
    DME Hosting, LLC [http://www.dmehosting.com]
      0 Not allowed!

  21. #46
    Join Date
    Mar 2009
    Location
    Miami, Florida
    Posts
    20,777
    I am sorry for this attack, some people can be #$%@. It is immature to say the least
      0 Not allowed!

  22. #47
    Join Date
    Oct 2008
    Location
    Singapore
    Posts
    4,685
    Quote Originally Posted by SoftWareRevue View Post
    Do we know the motivation behind the attack?

    We don’t know enough at this time, so any insight would be purely speculative in nature. WHT is a platform where positive and negative information is shared and exposed about business and individuals. Under TOS policy, we cannot edit or remove user-generated content at the request of an unsatisfied third party. Therefore, WHT tends to become the target for disgruntled individuals and businesses.
    If I were iNET, I would had hired multiple experienced & excellent engineers to check on every single possible lead, as fast as possible.

    Since WHT may be targetted by unhappy people, why not start searching from businesses who have many negative reviews and is very unhappy about it, always trying ways for them to be removed? That goes for users too.

    Quote Originally Posted by The Prohacker View Post
    There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.

    Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.
    You may be involved in the hacking! You are "The Prohacker"! Just kidding!

    If thats the case, there is a chance that it is an insider job. However, judging from the case here, I will highly doubt that it is an insider job, as it seems to be planned well. Most likely the hacker is anticipating iNET to check on their staffs to see if it is an insider job, and after a long time, things may be harder to track and investigate, and the hacker can "escape".

    ----------------------------------------------------------------------------------

    These are just my $0.02.
      0 Not allowed!

  23. #48
    Join Date
    May 2006
    Location
    San Francisco
    Posts
    7,325
    Quote Originally Posted by LaptopFreak View Post
    If I were iNET, I would had hired multiple experienced & excellent engineers to check on every single possible lead, as fast as possible.

    Since WHT may be targetted by unhappy people, why not start searching from businesses who have many negative reviews and is very unhappy about it, always trying ways for them to be removed? That goes for users too.
    I think it's safe to presume that iNet and WHT are doing everything possible right now to resolve this current issue and uncover leads toward the culprit and how this all went down.
      0 Not allowed!

  24. #49
    Join Date
    Oct 2008
    Location
    Singapore
    Posts
    4,685
    Quote Originally Posted by Orien View Post
    I think it's safe to presume that iNet and WHT are doing everything possible right now to resolve this current issue and uncover leads toward the culprit and how this all went down.
    Well, they must be trying to track down the culprit, but those are just my suggestions on how, and the possibilities etc. I just love doing something a detective does!(although its not my job and I have not ever plan to be one)
      0 Not allowed!

  25. #50
    Quote Originally Posted by The Prohacker View Post
    Of course there is the nagging question, how did they find our backup cluster!
    Working with high-end corporate security for many years in the white-hat field, the answer seems obvious (when you followed the official information posted here on WHT).

    One of the few persons who knew about the backup cluster was probably hacked/compromized initially. A well crafted email sent to the staff member possibly with the help of a malicious website is more than enough. Possibly even a stolen laptop without/with weak HDD encryption.

    I'd issue them entirely new laptops for the time of the investigation. Prohibit them to access their past emails, confiscate the old laptops with the intent to do forensics on them. Although probably not deliberate on the part of the few staff members, the leak is highly likely to be found with one of them.

    It's usually easy enough for a good hacker to get this kind of information. With the "right" level of determination and savviness - alternatively with enough money to "buy" the savviness - it's almost impossible to prevent in reality... That's when the physical backups become priceless.
      0 Not allowed!

Page 2 of 9 FirstFirst 12345 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •