Results 101 to 125 of 495
-
04-08-2009, 11:18 AM #101 Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
0
-
04-08-2009, 11:20 AM #102 Web Hosting Master
- Join Date
- Oct 2006
- Location
- /usr/src/linux/
- Posts
- 700
Honestly you don't even know if the hacker still has access on your servers. I'd say there's a good chance he still does, despite your "security sweeping".
If I were in this situation I would back up anything that's irreplaceable, like databases and custom code, and rebuild everything from scratch; binaries, the kernel and PHP code cannot be trusted at this point. Any code restored should be manually checked.
Until that's done nobody can guarantee your servers are secure/clean.
I highly doubt you even check md5sums to verify the integrity of your data, after all this fiasco.
█ VPSnoc.com offers high quality Xen® OpenVZ & Windows® Virtual Private Servers at affordable prices.
█ 99.95% Uptime | 24/7/365 Support | Unmetered bandwidth.
█ Follow us: twitter.com/VPSnoc
0
-
04-08-2009, 11:26 AM #103 Aspiring Evangelist
- Join Date
- Oct 2005
- Posts
- 397
0
-
04-08-2009, 11:26 AM #104 Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
Server Management - AdminGeekZ.com
Infrastructure Management, Web Application Performance, mySQL DBA. System Automation.
WordPress/Magento Performance, Apache to Nginx Conversion, Varnish Implimentation, DDoS Protection, Custom Nginx Modules
Check our wordpress varnish plugin. Contact us for quote: sales@admingeekz.com
0
-
04-08-2009, 11:33 AM #105 Web Hosting Master
- Join Date
- Apr 2004
- Location
- UK
- Posts
- 1,334
That'd make sense if I had missed something - I reread the OP and Q&A thread but couldn't find any specific details. The last I understood, it was assumed the hacker was leaking out information he took at the time of the initial compromise, and had not committed another attack.
0
-
04-08-2009, 11:33 AM #106 Web Hosting Master
- Join Date
- Aug 2001
- Location
- Boston
- Posts
- 1,568
Additionally, I want to reiterate the fact that there are card statuses that say "removed" (which means a user manually removed their card) but were not physically cleared out from the database.
Not removing the card information AND storing the CVV2 number are just unacceptable to no end.
0
-
04-08-2009, 11:38 AM #107 Web Hosting Master
- Join Date
- Oct 2006
- Location
- /usr/src/linux/
- Posts
- 700
What's done is done, it was wrong and illegal. However I'm not seeing any actions taken to prevent this.
When you get hacked you get paranoid, simple as that; you don't hope for the best, you restore everything from zero and you do not repeat the same mistakes you made before.
Encouraging people to change their password and cancel their credit cards is good for nothing as a measure to prevent this from happening again and again.
0
-
04-08-2009, 11:44 AM #108 Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
Bingo! This is exactly what I have been saying for the past few weeks. What sort of system administrator is not "ultra-paranoid" after such incidents? What sort of system administrator would not be aware of EVERYTHING after a compromise? What sort of system administrator shrugs off a compromise and provides very misleading, inaccurate, self-serving, plain stupid diagnostics?
0
-
04-08-2009, 11:46 AM #109 Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
0
-
04-08-2009, 11:47 AM #110 Web Hosting Master
- Join Date
- Oct 2005
- Location
- UK
- Posts
- 552
In case some of you guys haven't seen it yet:
http://www.webhostingtalk.com/announ...php?f=31&a=1340
-
04-08-2009, 12:00 PM #111 Newbie
- Join Date
- Mar 2006
- Location
- Blackpool, UK
- Posts
- 26
Chris Daley :: Dwebs Ltd :: Company No. 05603664 :: 0330 22 90 666
https://dhosting.uk - Web Hosting, Manged Servers, Email Hosting
My views are my own and not those of my company.
0
-
04-08-2009, 12:02 PM #112 Engineer
- Join Date
- Jan 2005
- Location
- Scotland, UK
- Posts
- 2,681
After reading that two questions immediately crop up,
"At 6:15am Tuesday, the hacker communicated that he also had stolen credit card data. As you know, we initially reported that no credit card data was compromised. Some of our older systems do store credit card data, and that data sits on a database server separate from the WHT databases and under a separate layer of security. At the time of the March 21st attack, we could find no evidence that the database server containing credit card data was compromised."
The data from the latest was from at the very earliest March 25th. Also the database dump of the credit cards shows this was from,
# MySQL version: (4.0.27-standard-log) running on 69.20.126.7 (www.webhostingtalk.com)
The question has to be if these were in fact additional database systems, "security layers" or however you want to paint them. Why was it so easy to access all of them? If that system was so easy to access, what exactly is to say that the others were not also? This includes my.inetinteractive.com
0
-
04-08-2009, 12:06 PM #113 Web Hosting Master
- Join Date
- Aug 2001
- Location
- Boston
- Posts
- 1,568
Thanks for the announcement.
I think that the wording should be changed.
Our current research indicates that that data breach encompassed 318 valid credit card numbers with CVV code and about 1,900 expired credit card numbers with CVV code.
0
-
04-08-2009, 12:07 PM #114 cout << m_subtitle;
- Join Date
- Jan 2007
- Location
- /dev/null
- Posts
- 3,700
About the password talk earlier,
it is pretty easy to check who had changed his password, just compare the old password hash codes to the new ones, if it doesn't match he/she changed it, something that can be easily checked by playing with SQL queries.
0
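The comparison suggested in post #114, as an added example that is not part of the original thread: it joins the live user table against a copy restored from a pre-breach backup and flags every account whose hash and salt are unchanged. The table and column names (`user`, `user_snapshot`, `must_reset`) and all rows are assumptions constructed for illustration, run here against an in-memory SQLite database.

```python
import sqlite3

# Hypothetical schema: `user` is the live table, `user_snapshot` is the same
# table restored from a backup taken before the breach.
SCHEMA = """
CREATE TABLE user_snapshot (userid INTEGER PRIMARY KEY, username TEXT,
                            password TEXT, salt TEXT);
CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, password TEXT,
                   salt TEXT, must_reset INTEGER DEFAULT 0);
"""

def flag_unchanged_passwords(conn):
    """Mark accounts whose hash and salt are identical to the snapshot."""
    cur = conn.execute("""
        UPDATE user SET must_reset = 1
         WHERE EXISTS (SELECT 1 FROM user_snapshot AS old
                        WHERE old.userid = user.userid
                          AND old.password = user.password
                          AND old.salt = user.salt)""")
    conn.commit()
    return cur.rowcount

def users_to_reset(conn):
    """List the flagged accounts, e.g. to force a reset at next login."""
    rows = conn.execute(
        "SELECT username FROM user WHERE must_reset = 1 ORDER BY username")
    return [r[0] for r in rows]

def demo():
    """Constructed rows; the hash and salt strings are placeholders."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO user_snapshot VALUES (?, ?, ?, ?)", [
        (1, "alice", "hash-a", "s1"), (2, "bob", "hash-b", "s2"),
        (3, "carol", "hash-c", "s3")])
    conn.executemany(
        "INSERT INTO user (userid, username, password, salt) VALUES (?, ?, ?, ?)", [
            (1, "alice", "hash-a", "s1"),    # unchanged since the snapshot
            (2, "bob", "hash-b2", "s2x"),    # password changed
            (3, "carol", "hash-c", "s3"),    # unchanged
            (4, "dave", "hash-d", "s4")])    # registered after the snapshot
    flagged = flag_unchanged_passwords(conn)
    return flagged, users_to_reset(conn)
```

Accounts created after the snapshot never match the join, so they are not flagged.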
-
04-08-2009, 12:08 PM #115 Evenly Divided
- Join Date
- Aug 2001
- Posts
- 4,028
Are you ****ing kidding me?
So the last 3 weeks the hacker had access to the servers still?
I assume you can't be 100% sure that you're secured now eh... I'd bet my left testicle this hacker is still looking at the databases.
With that said, how easy is it for someone to reverse engineer a password from that database? Is it possible?
Lastly, since WHT won't... could someone message me with my line from the db?
0
-
04-08-2009, 12:08 PM #116 Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
0
-
04-08-2009, 12:08 PM #117 Web Hosting Master
- Join Date
- Oct 2005
- Location
- UK
- Posts
- 552
0
-
04-08-2009, 12:10 PM #118 Evenly Divided
- Join Date
- Aug 2001
- Posts
- 4,028
I think you fail to realize what they're implying.
Basically the hacker confirms with his wording that he had access to redownload the user table AFTER the initial hack near the end of March. Which means he had access to WHT even after all the security audits were completed...
0
-
04-08-2009, 12:11 PM #119 Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
0
-
04-08-2009, 12:11 PM #120 Disabled
- Join Date
- Oct 2005
- Location
- Six Degrees From You
- Posts
- 1,079
0
-
04-08-2009, 12:12 PM #121 Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
0
-
04-08-2009, 12:12 PM #122 WHT Addict
- Join Date
- Jun 2008
- Location
- Atlanta, Georgia
- Posts
- 111
I seriously hope you catch this guy, I find it very weird that he would communicate again after this was over...
0
-
04-08-2009, 12:14 PM #123 Evenly Divided
- Join Date
- Aug 2001
- Posts
- 4,028
0
-
04-08-2009, 12:15 PM #124 Dennis Johnson
- Join Date
- Jun 2001
- Location
- Kalamazoo
- Posts
- 33,412
0
-
04-08-2009, 12:16 PM #125 Web Hosting Master
- Join Date
- Oct 2006
- Location
- /usr/src/linux/
- Posts
- 700
The odds are good that the hacker still has access on, for all we know, ALL of iNet's servers at this very moment.
Hell, he even might have included a carefully optimized sshd exploit which attacks the ssh client, such as putty for example, and exploits the connecting client, so even the workstations iNet use to "administer" their servers might be compromised. Of course that's paranoid thinking, but paranoid thinking is required in situations such as these, not optimism.
Think iNet should start backing up irreplaceable data, take everything offline and start installing fresh OSs on all of their servers, and before restoring mission critical data each file should be verified that it's not modified.
Only then can we be sure that the servers are clean and believe that they didn't make the same mistakes as before which got them compromised in the first place.
0
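The file verification asked for in posts #102 and #125, as an added example that is not part of the original thread: it checks a restored tree against a checksum manifest and reports modified, unexpected and missing files. It assumes the manifest was produced from a known-good copy and stored off the compromised hosts, and it uses SHA-256 in place of the md5sums mentioned in the thread; the file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large database dumps do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex>  <relative path>') into {path: hex}."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            entries[path.lstrip("*").strip()] = digest.lower()
    return entries

def verify_tree(root, manifest):
    """Compare every file under root with the trusted manifest."""
    modified, unexpected, seen = [], [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest:
                unexpected.append(rel)        # file the baseline never contained
            elif sha256_file(full) != manifest[rel]:
                modified.append(rel)
    return {"modified": sorted(modified), "unexpected": sorted(unexpected),
            "missing": sorted(set(manifest) - seen)}

def demo():
    """Constructed sample: one altered, one added and one missing file."""
    clean = {"index.php": b"<?php echo 'hi';", "lib/db.php": b"<?php // db",
             "config.php": b"<?php // cfg"}
    manifest = "".join(f"{hashlib.sha256(d).hexdigest()}  {p}\n" for p, d in clean.items())
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "lib"))
        for rel, data in clean.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data + (b" altered" if rel == "lib/db.php" else b""))
        open(os.path.join(root, "new.php"), "wb").close()   # not in the manifest
        os.remove(os.path.join(root, "config.php"))          # listed but absent
        return verify_tree(root, parse_manifest(manifest))
```

A manifest generated on the compromised server itself proves nothing, since the hashing tool and the files may both have been altered.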