Results 101 to 125 of 213
Thread: WHT Data - Q&A Information
-
03-25-2009, 05:00 PM #101Junior Guru Wannabe
- Join Date
- Jun 2008
- Posts
- 97
SWR - when this dude is found can you stick him up so every member of WHT can kick the crap outta him
0
-
03-25-2009, 05:04 PM #102Aspiring Evangelist
- Join Date
- Jul 2007
- Posts
- 441
I am sorry to know about this
This is very bad situation... I hate these hackers very much. They can spend lots of time doing bad coding but can't spend few hours to do some good thing?
I hope WHT will be more safe now and the team will be able to restore all data.Professional Banner Design :: Complete Satisfaction & Fast Turnaround
InspireFusion.com :: Art, Design & Inspiration Blog0
-
03-25-2009, 05:06 PM #103Newbie
- Join Date
- Mar 2009
- Posts
- 25
In my websites, i do the backups with the cpanel and i send it to a remote ftp server, hackers can't access to them because it is password protected, they never have been hacked it.
0
-
03-25-2009, 05:08 PM #104Web Hosting Master
- Join Date
- Mar 2008
- Location
- Los Angeles, CA
- Posts
- 555
Well just running an FTP server you are still in danger of being hacked. Also when you need to make backups often (every day) you really have to find a way to automate it. I think its best to automate it from the remote side because then you can run it from a machine which is completely firewalled and doesn't allow any connections from the outside.
0
-
03-25-2009, 05:14 PM #105Aspiring Evangelist
- Join Date
- Mar 2008
- Location
- SEO cyberspace
- Posts
- 423
I am sure that this will serve to alert all of use to review our backup plans and tighten them up.
If your backups are not too large a spare copy burned on a set of DVDs is hard to hack. Backing up to an offsite server via scp or ssh is fast but does leave foot prints.
Good luck with your restorations, I know what a hard job that can be.0
-
03-25-2009, 05:24 PM #106Web Hosting Master
- Join Date
- Apr 2002
- Location
- AU
- Posts
- 1,049
All backup procedures seem insufficient when you have to restore from one. argh!
0
-
03-25-2009, 05:24 PM #107Newbie
- Join Date
- Mar 2009
- Posts
- 25
Good idea, i can burn it on a DVD or i can transfer it to a firewalled ftp that only acept conections from the website host.
0
-
03-25-2009, 05:49 PM #108Junior Guru Wannabe
- Join Date
- Sep 2007
- Location
- UK
- Posts
- 49
That is not secure - in FTP, passwords are sent in plain text, and it's possible for someone to "sniff" the connection and grab the details.
Anyway, having had a server broken into a few years ago, I know what it's like. I hope WHT find out who's responsible and recover without pulling too much hair...0
-
03-25-2009, 05:52 PM #109Newbie
- Join Date
- Mar 2009
- Location
- East Borneo
- Posts
- 12
Yup, better burn it on dvd for couple months.
0
-
03-25-2009, 06:10 PM #110Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
0
-
03-25-2009, 06:17 PM #111:]
- Join Date
- Jul 2007
- Location
- Pennsylvania, USA
- Posts
- 686
I have a quick suggestion. Has anyone considered allowing IP by IP access to the servers? Such as only the IP addresses of iNet staff and coordinators are allowed to access the servers, and if this happened, they'd know it was a 'inside job.' .
0
-
03-25-2009, 06:24 PM #112Newbie
- Join Date
- Mar 2009
- Posts
- 25
But the hacker will inject a malicious code in the WHT server to hack the backups.
0
-
03-25-2009, 06:55 PM #113:]
- Join Date
- Jul 2007
- Location
- Pennsylvania, USA
- Posts
- 686
0
-
03-25-2009, 07:02 PM #114Newbie
- Join Date
- Jul 2006
- Location
- World Wide Internet
- Posts
- 27
This is the reason why big forum like WHT need to make automatically backup each hour and saving it into remote location which doesn't connected to the internet at all. hacking is only manner of time and money , that's all. if hacker want to hack and it's made his target then if he has the money = time then he will succeed. because of that I suggest to use remote backup which doesn't connected to the Internet at all. this is my advice.
WinnerServ , Web Hosting & VPS Provider
http://www.wserv.co.il/he/
World Wide infrastructure , Get A VPS and WebHosting Services across the globe from 1 centralized provider.0
-
03-25-2009, 08:20 PM #115Junior Guru Wannabe
- Join Date
- Sep 2007
- Location
- UK
- Posts
- 49
But if it's a remote location, how do you connect to the backup machine if it's not connected to the internet?
If someone gains root access to a machine, they can do just about anything. Things like read scripts that control backups and contain addresses and account usernames and passwords, etc., of where those backups are.
If they have access to the server, they will also be able to connect to a machine that is only connected to the server via a second, private, network connection.
Perhaps the only "safe" way of backing up is to backup to a tape or CD/DVD drive directly connected (or built in) to the server, and for someone to physically swap the tapes or DVDs on a daily basis.0
-
03-25-2009, 08:34 PM #116Disabled
- Join Date
- Mar 2009
- Posts
- 173
0
-
03-25-2009, 08:50 PM #117WHT Addict
- Join Date
- Aug 2008
- Location
- Canada
- Posts
- 121
backup and unplug. Seems like having it off the net would be a plausible step to take.
█ No Overselling Guarantee | Now Includes a Free Domain
█ Shared Hosting • Reseller Hosting • VPS Hosting
█ BLD Hosting - Web Hosting | Web Hosting Blog0
-
03-25-2009, 09:25 PM #118Web Hosting Guru
- Join Date
- Jul 2006
- Posts
- 307
Make sense.
Surely WHT would have a spare computer that can just connect at set times to download a backup and then disconnect. It' it's firewalled JUST for outgoing connections one have to break into their offices to get their hands on that backup.
Suggestion to WHM
I don't use WHT so much but is it possible to use this incident to start a security channel what users can join to get access to the best and latest server security support?
There are TONS of security advice, programs and more available and I am sure MOST of the security related time spend by administrators is to decide what's best or necessary or what not.
I for one WHT member will be more than willing to pay a subscribtion fee to pay for the service of a security expert whose task it is to investigate and suggest a good security system for various server models, cPanel, Plesk etc.Frank Coetzee
SA Internet News Group cc
"I hear and I forget, I see and I remember. I do and I understand. " - Chinese Proverb0
-
03-25-2009, 10:14 PM #119Web Hosting Master
- Join Date
- Jan 2004
- Posts
- 593
I blame Obama.
But seriously, this stuff can happen. This makes you wonder how many other websites data theft has happened to, except the difference is that the website owner never knew.Check out my new Chrome Extension - Server Admin Tool
frustratedtech.com - Helpful Server Tech Advice0
-
03-25-2009, 10:28 PM #120Web Hosting Guru
- Join Date
- Oct 2001
- Posts
- 315
Well, I'll be darned. I haven't been around much last couple months. (My post count is probably accurate!)
Thanks for the email, SWR. Things will clearly be fine.0
-
03-25-2009, 10:53 PM #121Aspiring Evangelist
- Join Date
- Jun 2003
- Posts
- 378
That is so unfortunate, I hope you guys are able to restore everything as quickly as possible.
Services: SMF Theme Creation | Play: Best Text RPG (Browser game)0
-
03-25-2009, 10:56 PM #122******* Unleaded
- Join Date
- Feb 2004
- Posts
- 3,849
Yes, it is unfortunate.
If it had happened to another forum in another topical space it would be one thing. But, given the audience at WHT, it is almost a blessing in disguise.
This event leaves very little wiggle room with respect to backups and security considerations.
For a host to now whistle in the dark while looking away from the graveyard would be inexcusable.edgedirector.com
managed dns global failover and load balance (gslb)
exactstate.com
uptime report for webhostingtalk.com0
-
03-25-2009, 10:59 PM #123Aspiring Evangelist
- Join Date
- Apr 2001
- Location
- Il
- Posts
- 448
May I ask, what version of vbulletin this is and if vbulletin has been contacted about this?
http://www.realwebhost.net
http://www.realwebhost.net/vps.php
ICQ 120397604 |MSN : hotmail.com | AIM : rwhsupport | Yahoo: rwhmax0
-
03-25-2009, 11:07 PM #124Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
This is nothing to do with vBulletin.
There is no best host. There is only the host that's best for you.0
-
03-25-2009, 11:11 PM #125Web Hosting Master
- Join Date
- Aug 2003
- Location
- East Coast
- Posts
- 2,082
Has anyone tried to do a data recovery on the backups? I assume the hacker didn't overwrite the drive with data.
0