  1. #51
    Join Date
    Jan 2006
    Location
    Jersey
    Posts
    2,971
    Quote Originally Posted by The Prohacker View Post
    There have been no signs that any information was gathered by social engineering and everything points to this being software exploit based.

    Of course there is the nagging question, how did they find our backup cluster! I'm still investigating that, and it does make you wonder, but very few people even inside of iNET knew of the off site cluster, and even fewer knew where or how to access it. The company hosting the off site backup doesn't even know the contents of our servers. So those facts make me think that social engineering is not part of this equation.
    I don't think it's an inside job but a very smart way to attack, because it is rather odd someone would attack the backup servers first, and if it's really as hard as you say it is to find your off-site backup servers, I can tell this has been in the works for a very long time. They (hackers) were probably INSIDE your systems and just sitting there quietly monitoring all your systems... see how backups are being made, how often, among other actions that you guys perform.

    They also probably noticed you guys were quick with backup restorations when maybe you accidentally deleted a table or something while doing routine maintenance? That is probably how they found out where your off-site backup servers were. So they first attacked the backup because seriously, who notices an old archived backup is gone when the site is up and running fine, correct? So after they made sure there would be no way to recover from backups, they deleted the actual live database.

    So after the site went down and you guys went scrambling to restore....poof...no backups.

    Of course, all this is just a theory. If they were able to remain stealthy for such a long time to monitor what's going on in your systems, I would think they were very good at covering their tracks as well. I hate to say it but they were smart, but I wish the best of luck to iNet to find the hackers.
    Email: info ///at/// honelive.com

  2. #52
    Join Date
    Jul 2002
    Location
    Victoria, Australia
    Posts
    36,939
    Quote Originally Posted by LaptopFreak View Post
    Well, they must be trying to track down the culprit, but those are just my suggestions on how, and the possibilities etc. I just love doing something a detective does! (although it's not my job and I have not ever planned to be one)
    There is plenty of detective work going on already.

  3. #53
    Join Date
    Oct 2008
    Location
    Singapore
    Posts
    4,685
    Quote Originally Posted by anon-e-mouse View Post
    There is plenty of detective work going on already.
    Good luck in it then.

  4. #54
    Join Date
    Mar 2008
    Posts
    58
    I'm so sorry about what happened with WHT, but I think Administrator subjectived about backup database. I think you should rsync the database to a local server in your company daily. That's better.
    Anyway, I wish WHT will still grow. I learned many things at WHT.

  5. #55
    Join Date
    Nov 2003
    Location
    Amidst several dimensions
    Posts
    4,324
    Quote Originally Posted by SoftsysHosting-Rick View Post
    I am not sure if someone else speculated but I suspect this attack should have a hand from someone close to inet or server management team. This is because most of the time it is not revealed to anyone but a few people where the offsite backups are being placed.
    That's not a necessity.

    If there is any software installed within a server to connect to an outside server to place the backup there, that software probably will be using a hashed key or login info that can be found locally to connect to the remote server.

    If the remote server is accessing the server to be backed up with the target server's own login data or access hash, and then receives the backup, then that's more secure, for the login/access info on the backup server doesn't come into play at any point.
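Post #55 above argues for having the backup server pull from the production server; in that design, the production host's `authorized_keys` entry for the backup key decides how much a compromised backup host could do. The following is an added example, not code from any poster or from iNET, that audits such entries for a forced command and OpenSSH's restriction options; the sample lines, paths, script name and key placeholder are constructed.

```python
# OpenSSH key options that each switch off one interactive capability;
# `restrict` (OpenSSH 7.2+) switches all of them off at once.
NO_OPTS = {"no-pty", "no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def parse_entry(line):
    """Split one authorized_keys line into (options dict, key type), honouring quotes."""
    first = line.split()[0]
    if first.startswith(KEY_PREFIXES):
        return {}, first                      # line starts with the key type: no options
    fields, cur, quoted, end = [], "", False, len(line)
    for i, ch in enumerate(line):
        if ch == '"' and not cur.endswith("\\"):
            quoted = not quoted               # quotes delimit values, they are not kept
        elif ch == "," and not quoted:
            fields.append(cur)
            cur = ""
        elif ch.isspace() and not quoted:
            end = i                           # first unquoted space ends the options
            break
        else:
            cur += ch
    fields.append(cur)
    opts = {}
    for field in fields:
        name, _, value = field.partition("=")
        opts[name.lower()] = value            # option names are case-insensitive
    return opts, line[end:].split()[0]

def audit_pull_key(line):
    """Reasons this key would give a compromised backup host more than read access."""
    opts, _ = parse_entry(line)
    findings = []
    if "command" not in opts:
        findings.append("no forced command: key can run anything, including deletes")
    if "restrict" not in opts and not NO_OPTS <= set(opts):
        findings.append("pty/forwarding not disabled")
    if "from" not in opts:
        findings.append("no from= source restriction")
    return findings

# Constructed sample entries (placeholder key material, documentation IP range).
SAMPLE = [
    'ssh-ed25519 AAAA_CONSTRUCTED_KEY backup@offsite',
    'command="rrsync -ro /var/lib/mysql-dumps",from="203.0.113.10",restrict '
    'ssh-ed25519 AAAA_CONSTRUCTED_KEY backup@offsite',
    'command="/usr/local/bin/dump-only.sh a,b",no-pty ssh-rsa AAAA_CONSTRUCTED_KEY backup@offsite',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry[:40], "->", audit_pull_key(entry) or "ok")
```

`rrsync -ro` is the read-only wrapper script distributed with rsync; an entry that passes all three checks can only read the dump directory and cannot be used to delete the source.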

  6. #56
    Join Date
    Nov 2001
    Location
    London
    Posts
    4,931
    Quote Originally Posted by SoftWareRevue View Post
    Whoops.

    If I can think of any information we can post that would help anyone recognize him, we'll post it. Maybe together we can ferret him out.
    Would it not be wiser to share this information with the authorities, assuming this person is in a place that could be easily prosecuted?
    Matthew Russell | Namecheap
    Twitter: @mattdrussell

    www.easywp.com - True Managed WordPress, made easy

  7. #57
    Join Date
    Sep 2006
    Location
    Cardiff - United Kingdom
    Posts
    1,569
    Quote Originally Posted by mdrussell View Post
    Would it not be wiser to share this information with the authorities, assuming this person is in a place that could be easily prosecuted?
    They need to know who he is first, which is what I think SWR is hinting at.

    I.e. with help of WHT members, find who he is and then report him to the authorities.

  8. #58
    Join Date
    Dec 2007
    Location
    Lebanon
    Posts
    413
    Quote Originally Posted by CArmstrong View Post
    Sounds good to me.
    Well, as you see, we're posting.

    Good luck guys

  9. #59
    Join Date
    Apr 2006
    Location
    Mandaluyong, Philippines
    Posts
    316
    Someone did this for profit, personal esteem or both. If it was just for the sake of doing it, it's likely the culprit is now bragging. Given the size of the WHT community, bragging may just root them out.

    There's also the possibility that some jerk was sifting through what his botnet sent him, saw something interesting (from a staff member's shared home PC also used for work, perhaps?), investigated then exploited it. So, it may not have been as targeted as many think, just opportunistic.

    I can't stress the importance of bare metal backups, at least weekly, stored off line. Glad to see private messages seem to be untouched, good luck in getting this mess sorted out.
    Best Regards,
    Tim
    --
    Code monkey at EZP, see me on Stack Overflow

  10. #60
    Well, I shall have to register a new ID.

  11. #61
    Join Date
    Apr 2006
    Location
    Mandaluyong, Philippines
    Posts
    316
    Is anyone else getting a ton of new spam from a company claiming to be Point Focus LLC? It's the 6th one today. Prior to this event, I got maybe 6 per month.
    Best Regards,
    Tim
    --
    Code monkey at EZP, see me on Stack Overflow

  12. #62
    Join Date
    Jun 2001
    Location
    Kalamazoo
    Posts
    33,412
    Quote Originally Posted by Aussie Bob View Post
    What are the chances of restoring to last week's backup?
    I don't know. Chances? I'd say they're still in the 50/50 range.
    There is no best host. There is only the host that's best for you.

  13. #63
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    507
    Quote Originally Posted by mdrussell View Post
    Would it not be wiser to share this information with the authorities, assuming this person is in a place that could be easily prosecuted?
    Agreed, no matter what the aim / motivation / reasoning / modus operandi / identity of this scum might have been.

    Pass it through to the authorities. Scum is scum and should be treated as a scum.

    sash

    PS -- By the way, I've found (via external links in Webmaster tools) my last post here -- which is gone from WHT -- on some blog. Could it be related? It appeared there very recently.
    Last edited by sash; 03-25-2009 at 08:19 AM.
    kept alive by vertaalbureau

  14. #64
    Join Date
    Jul 2002
    Location
    Victoria, Australia
    Posts
    36,939
    How recently sash?

  15. #65
    Join Date
    Nov 2007
    Location
    Dallas, TX
    Posts
    9,064
    I apologize if this has been asked elsewhere in the thread, but:

    How did the hackers destroy the off-site backup?

    I am assuming they executed a command to remotely delete it...? Did the off-site backup provider not back up their servers?

    -mike
    Mike G. - Limestone Networks - Account Specialist
    Cloud - Dedicated - Colocation - Premium Network - Passionate Support
    DDoS Protection Available - Reseller Program @LimestoneInc - 877.586.0555

  16. #66
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    507
    Quote Originally Posted by LaptopFreak View Post
    Since WHT may be targeted by unhappy people, why not start searching from businesses who have many negative reviews and are very unhappy about it, always trying ways for them to be removed?
    Also a good point, I was thinking about that too. Which companies have received the bulk of negative reviews in the last months? There were not that many of them. I bet for some of them getting rid of all the negative info at once was worth taking the risk and paying a hacker. How else can one explain destroying the backups? I guess you don't have to destroy them if you're trying to steal the cc info or any other sensitive data.

    sash
    kept alive by vertaalbureau

  17. #67
    Good luck in finding him. Also, like Mike said, did the off-site have backups of its backups?

  18. #68
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    507
    Quote Originally Posted by anon-e-mouse View Post
    How recently sash?
    I've noticed this today -- and I'm checking WMT every single day.

    This post contains a link to one of my pages, so that's how I found that (I was looking for advice about a copyright issue with Google placing my book on its Book Search program without my permission).

    sash
    kept alive by vertaalbureau

  19. #69
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    507
    Quote Originally Posted by anon-e-mouse View Post
    How recently sash?
    Sorry, could not edit my previous post.

    This blog is definitely a ripoff of the WHT (with recent and old posts), I was able to track a few of my own topics. Should I PM you the URL?

    sash
    kept alive by vertaalbureau

  20. #70
    Join Date
    Nov 2007
    Location
    Dallas, TX
    Posts
    9,064
    Quote Originally Posted by sash View Post
    Sorry, could not edit my previous post.

    This blog is definitely a ripoff of the WHT (with recent and old posts), I was able to track a few of my own topics. Should I PM you the URL?

    sash
    *kind of wants the URL, too*

    -mike

  21. #71
    Join Date
    Jul 2005
    Location
    Belgium
    Posts
    507
    Quote Originally Posted by Mike - Limestone View Post
    *kind of wants the URL, too*

    -mike
    Hi Mike,

    It's been PMed...

    sash
    kept alive by vertaalbureau

  22. #72
    Join Date
    Nov 2007
    Location
    Dallas, TX
    Posts
    9,064
    Quote Originally Posted by sash View Post
    Hi Mike,

    It's been PMed...

    sash
    I was half-joking. =P

    But interesting... The site kind of looks like a WHT rip-off that is perhaps using an RSS feed from WHT?

    -mike
    Mike G. - Limestone Networks - Account Specialist
    Cloud - Dedicated - Colocation - Premium Network - Passionate Support
    DDoS Protection Available - Reseller Program @LimestoneInc - 877.586.0555

  23. #73
    Join Date
    Jan 2006
    Location
    Jersey
    Posts
    2,971
    Quote Originally Posted by Mike - Limestone View Post
    How did the hackers destroy the off-site backup?
    # rm -rf *



    But if you are asking how they got INTO the off-site backup server to destroy the data, well, all of us are still speculating as to what *might* have happened.
    Email: info ///at/// honelive.com

  24. #74
    Join Date
    Jul 2005
    Location
    Edinburgh
    Posts
    3,883
    I'm a big believer in picking myself up, dusting myself down and quickly moving on after bad events, because there's no point pondering, wondering etc.

    I've every confidence that those in charge of WHT will get to the bottom of it all. A lot of it will come out in the wash too.

    I am also confident that someone like ProHacker certainly isn't going to take this lying down.

    What exactly happened and how he/she/they got in will only lead to speculation and conspiracy theories, so I'm happy enough not to be adding to what must be a mind bending task of rooting out the person(s) responsible.

    Nevertheless, whoever it was will most likely brag about it to 1 too many people and they'll make enough rope to hang themselves....
    that's just sod's law in action.

    Either way, I can't see it having a bad effect on members who use WHT.

    Right now, the team need our support and for sure they'll always have mines 100%.

    p.s....they couldn't have been that good...all my infractions are still there.

    owm
    Last edited by Outlaw Web Master; 03-25-2009 at 09:49 AM.
    ‹(¿)›
    Life's what you make it.

  25. #75
    Quote Originally Posted by HNLV View Post
    # rm -rf *
    If that is all that was done, they could easily recover the backup using something such as http://www.cgsecurity.org/wiki/TestDisk_Download


    Was anything like that tried yet? I have used that software in the past and was able to recover deleted files without issue.
    Eleven2 Web Hosting - World-Wide Hosting, Done Right!
