Results 51 to 75 of 213
Thread: WHT Data - Q&A Information
-
03-25-2009, 04:21 AM #51Vice Cheese
- Join Date
- Jan 2006
- Location
- Jersey
- Posts
- 2,971
I dont think its an inside job but a very smart way to attack because it is rather odd someone would attack the backup servers first and if its really as hard as you say it is to find your off-site backup servers, I can tell this has been in the works for a very long time. They (hackers) were probably INSIDE your systems and just sitting there quietly monitoring all your systems...see how backups are being made, how often, among other actions that you guys perform.
They also probably noticed you guys were quick with backup restorations when may be you accidentally deleted a table or something while doing routine maintenance? That is probably how they found out where your off-site backup server were. So they first attacked the backup because seriously, who notices an old archived backup is gone when the site is up and running fine, correct? So after they made sure there would be no way to recover from backups, they deleted the actual live database.
So after the site went down and you guys went scrambling to restore....poof...no backups.
Of course, all this is just a theory. If they were able to remain stealth for such a long time to monitor whats going on your systems, I would think they were very good at covering their tracks as well. I hate to say it but they were smart, but I wish the best of luck to iNet to find the hackers.Email: info ///at/// honelive.com0
-
03-25-2009, 04:59 AM #520
-
03-25-2009, 05:04 AM #53Web Hosting Master
- Join Date
- Oct 2008
- Location
- Singapore
- Posts
- 4,685
0
-
03-25-2009, 05:34 AM #54Junior Guru Wannabe
- Join Date
- Mar 2008
- Posts
- 58
i'm so sorry about what happened with WHT. but i think Administrator subjectived about backup database. I think you should rsync database to a local server in your company daily. that's better..
anyway, i wish WHT still grow up i learned in WHT many things0
-
03-25-2009, 05:56 AM #55Disabled
- Join Date
- Nov 2003
- Location
- Amidst several dimensions
- Posts
- 4,324
thats not a necessity.
if there is any software installed within a server to connect to an outside server to place the backup there, that software probably will be using a hashed key or login info that can be found locally to connect to the remote server.
if the remote server is accessing the server to be backed up with the target server's own login data or access hash, and then receives the backup, than that's more secure, for the login/access info on the backup server doesnt get into play at any point.0
-
03-25-2009, 06:23 AM #56Web Hosting Master
- Join Date
- Nov 2001
- Location
- London
- Posts
- 4,931
Matthew Russell | Namecheap
Twitter: @mattdrussell
www.easywp.com - True Managed WordPress, made easy0
-
03-25-2009, 06:24 AM #57Web Hosting Master
- Join Date
- Sep 2006
- Location
- Cardiff - United Kingdom
- Posts
- 1,569
0
-
03-25-2009, 06:36 AM #58Aspiring Evangelist
- Join Date
- Dec 2007
- Location
- Lebanon
- Posts
- 413
0
-
03-25-2009, 07:30 AM #59Web Hosting Guru
- Join Date
- Apr 2006
- Location
- Mandaluyong, Philippines
- Posts
- 316
Someone did this for profit, personal esteem or both. If it was just for the sake of doing it, its likely the culprit is now bragging. Given the size of the WHT community, bragging may just root them out.
There's also the possibility that some jerk was sifting through what his botnet sent him, saw something interesting (from a staff member's shared home PC also used for work, perhaps?), investigated then exploited it. So, it may not have been as targeted as many think, just opportunistic.
I can't stress the importance of bare metal backups, at least weekly, stored off line. Glad to see private messages seem to be untouched, good luck in getting this mess sorted out.0
-
03-25-2009, 07:56 AM #60Newbie
- Join Date
- Mar 2009
- Posts
- 12
well i shall have to registered new ID
0
-
03-25-2009, 08:01 AM #61Web Hosting Guru
- Join Date
- Apr 2006
- Location
- Mandaluyong, Philippines
- Posts
- 316
Is anyone else getting a ton of new spam from a company claiming to be Point Focus LLC? Its the 6'th one today. Prior to this event, I got maybe 6 per month.
0
-
03-25-2009, 08:11 AM #62Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
0
-
03-25-2009, 08:15 AM #63Web Hosting Evangelist
- Join Date
- Jul 2005
- Location
- Belgium
- Posts
- 507
Agreed, no matter what the aim / motivation / reasoning / modus operandi / identity of this scum might have been.
Pass it through to the authorities. Scum is scum and should be treated as a scum.
sash
PS -- By the way, I've found (via external links in Webmaster tools) my last post here -- which is gone from WHT -- on some blog. Could it be related? It appeared there very recently.Last edited by sash; 03-25-2009 at 08:19 AM.
kept alive by vertaalbureau0
-
03-25-2009, 08:47 AM #64
How recently sash?
0
-
03-25-2009, 08:50 AM #65Web Hosting Master
- Join Date
- Nov 2007
- Location
- Dallas, TX
- Posts
- 9,064
I apologize if this has been asked elsewhere in the thread, but:
How did the hackers destroy the off-site backup?
I am assuming they executed a command to remotely delete it...? Did the off-site backup provider not backup their servers?
-mike0
-
03-25-2009, 08:54 AM #66Web Hosting Evangelist
- Join Date
- Jul 2005
- Location
- Belgium
- Posts
- 507
Also a good point, I was thinking about that too. Which companies have received last months the bulk of negative reviews? There were not that much of them. I bet for some of them getting rid of all the negative info at once was worth taking risk and paying a hacker. How else can one explain destroying of the backups? I guess, you don't have to destroy them if you're trying to steal the cc info or any other sensitive data.
sashkept alive by vertaalbureau0
-
03-25-2009, 08:55 AM #67Disabled
- Join Date
- Mar 2009
- Posts
- 173
Good luck in finding him, also like mike said did the off-site have backups of its backups?
0
-
03-25-2009, 09:00 AM #68Web Hosting Evangelist
- Join Date
- Jul 2005
- Location
- Belgium
- Posts
- 507
I've noticed this today -- and I'm checking WMT every single day.
This post contains a link to one of my pages, so that's how I found that (I was looking for advice about a copyright issue with Google placing my book on its Book Search program without my permission).
sashkept alive by vertaalbureau0
-
03-25-2009, 09:21 AM #69Web Hosting Evangelist
- Join Date
- Jul 2005
- Location
- Belgium
- Posts
- 507
kept alive by vertaalbureau0
-
03-25-2009, 09:24 AM #70Web Hosting Master
- Join Date
- Nov 2007
- Location
- Dallas, TX
- Posts
- 9,064
0
-
03-25-2009, 09:29 AM #71Web Hosting Evangelist
- Join Date
- Jul 2005
- Location
- Belgium
- Posts
- 507
kept alive by vertaalbureau0
-
03-25-2009, 09:30 AM #72Web Hosting Master
- Join Date
- Nov 2007
- Location
- Dallas, TX
- Posts
- 9,064
0
-
03-25-2009, 09:44 AM #73Vice Cheese
- Join Date
- Jan 2006
- Location
- Jersey
- Posts
- 2,971
0
-
03-25-2009, 09:45 AM #74Devil's Advocate
- Join Date
- Jul 2005
- Location
- Edinburgh
- Posts
- 3,883
I'm a big believer in picking myself up, dusting myself down and quickly moving on after bad events, because there's no point pondering, wondering etc.
I've every confidence that those in charge of WHT will get to the bottom of it all. A lot of it will come out in the wash too.
I am also confident that someone like ProHacker certainly isn't going to take this lying down.
What exactly happened and how he/she/they got in will only lead to specualtion and conspiracy theories, so I'm happy enough not to be adding to what must be a mind bending task of rooting out the person(s) responsible.
Nevertheless, whoever it was will most likely brag about it too 1 too many people and they'll make enough rope to hang themselves....
that's just sod's law in action.
Either way, I can't see it having a bad effect on members who use WHT.
Right now, the team need our support and for sure they'll always have mines 100%.
p.s....they couldn't have been that good...all my infractions are still there.
owmLast edited by Outlaw Web Master; 03-25-2009 at 09:49 AM.
‹(•¿•)›
Life's what you make it.0
-
03-25-2009, 10:22 AM #75Web Hosting Master
- Join Date
- Feb 2005
- Posts
- 1,358
If that is all that was done, they could easily recover the backup using something such as http://www.cgsecurity.org/wiki/TestDisk_Download
Was anything like that tried yet? I have used that software in the past and was able to recover deleted files without issue.Eleven2 Web Hosting - World-Wide Hosting, Done Right!0