A site hacked - lessons from Webmasterworld?
Backups and live server wiped by hackers
Quite amazing to see the problems over at webhosting talk.
They were hacked and all their posts up until October 08 are gone. They had backups of course including offsite but those were online and wiped as part of the hack attack.
They only have a physical backup and have had problems restoring from that.
What a nightmare.
Now it seems that the intent was to wipe out negative comments about certain sites and businesses that were exposed on there.
Here at Webmasterworld there is a strict policy on not posting highly critical posts in detail about businesses and sites (I know this because my own posts have been deleted here under this policy.)
Now I originally thought this policy misguided and stopped contributing here. But seeing the damage wrought over at the other place I am wondering if the Webmasterworld policy is right after all, or at least comes from a practical idea of self preservation.
Stopping some of the worst scammers and scum of the earth is important by exposing their antics but is it worth the price of destructive hacks like this?
I doubt that the policy is in force due to concerns over hacking. And no, I don't agree that that's a valid reason for implementing a policy.
I'd bet it's in place so they don't have to deal with all the legal crap that would result. That, and there are certainly reputation management specialists here that would use this to their advantage if it were allowed.
The WebmasterWorld policy is useful because libel is expensive, and whenever you deal with user-generated reviews of businesses then the issue of honesty comes up. People have reasons to lie, and how can anyone hope to police it all? There's no way the mods can investigate and verify everything that's said.
Here is part of what they said:
|What do we know about the damage done? |
This attack was very deliberate, sophisticated and calculated. The attacker was able to circumvent our security measures and access via an arcane backdoor protected by additional firewall. We are still investigating the situation, but we know the attacker infiltrated and deleted the backups first and then deleted three databases: user/post/thread. We have no record or evidence that private message data was accessed. Absolutely no credit card or PayPal data was exposed.
Do we know the motivation behind the attack?
We don't know enough at this time, so any insight would be purely speculative in nature. WHT is a platform where positive and negative information is shared and exposed about business and individuals. Under TOS policy, we cannot edit or remove user-generated content at the request of an unsatisfied third party. Therefore, WHT tends to become the target for disgruntled individuals and businesses.
True enough Rosalind, as I say I think that policy here was a little strict, and although other places survive with letting people give more information perhaps here it still is more strict than it is ideal.
Mods are polite and seem fair. I just wonder about the policy. Can there be maybe comments from those that write the Rules. Is that Brent?
Thanks card_demon. You know, within about 30 seconds of hearing of the problem over there, I immediately thought of our policy here and wondered how much grief it had saved us and the community.
The policy is in place to stop the various issues out of our control:
- someone's vendetta against a company,
- people from using us as the public feedback system trying to get someone's attention.
- random acts of flaming.
- unstable individuals (trust me, we are dealing with several ongoing ones that are certifiable - including life threats).
- legally dubious issues out of our area of expertise.
- to provide a safe environment for all members to participate without fear. From the search engine rep to the hyper aggressive anti search engine rep - as long as it is civil discourse and legal, they have a place here.
In short, we are not here to be used as a platform for resolving or pursuing disputes. No one wants to visit a site full of complaints about this company or that company. It lowers the overall quality of the discussions if you let that in the general message base.
I think that is the bulk of it, but I am sure there are incidents and issues that escape my thoughts right now, as it was one of the widest ranging parts of the tos.
|[The hacker] is still in possession of our user table that includes all user names, email addresses and hashed passwords. Absolutely no credit card or PayPal data was compromised. |
Passwords are hashed with salt. It would be an unprecedented event to reverse engineer our passwords.
My concern is the distribution of your email addresses and the potential spam you may receive. We know the hacker has posted the user table containing email addresses to various places (file sharing sites) and we're working diligently to remove the tables as we find them. If you see the user table posted anywhere, please let us know so we can get it taken off line.
Goes to show that the idea of using different passwords for each site is an important one. Can be sure that spam is the least of some people's problem from this as people are going to see other accounts at other places hacked over last week's time because they have same password everywhere.
What about other sites and silent hacks. The silent hacks where people just don't know that the emails and passwords have been stolen!
This hack was anything but silent showing it is clearly about revenge of some kind.
This whole debacle also shows how ungrateful some people can be. Some of the replies over there are quite amazing given that while people put in sweat to make the content in posts, a hack like this is difficult to stop, and a little support and grace for those owners trying to get the site back would be a nice thing!
At least they just lost a few idiots because of this judging by some of those posts. Let's hope they don't come here!
|Goes to show that the idea of using different passwords for each site is an important one. Can be sure that spam is the least of some people's problem from this as people are going to see other accounts at other places hacked over last week's time because they have same password everywhere. |
And sadly this has come to pass because an iNet interactive subsystem stored credit card numbers and CVC codes in the clear in violation of PCI DSS (and common sense) :(