LUGOD: Linux Users' Group of Davis
Page last updated:
2010 Jan 26 08:06

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] my site was hacked



Gandalf: Thank you for the detailed explanation, I'll read it again.
I checked my pages, only index.html was replaced, what really upset me
is that now it's 48 hours after I sent the request to the ISP, still
no response; I can understand now hacking does happen and I can fix
the problem myself, but their services disappoint me.

On Tue, Jan 26, 2010 at 12:32 AM, Gandalf Parker <gandalf@any1can.net> wrote:
>
> I've worked as admin for ISPs. And one of those was owned by a law firm.
> I will take a stab at this.
>
> On Mon, 25 Jan 2010, Hai Yi wrote:
>> The website hasn't been restored yet, even though I wrote an urgent email to
>> the support of my ISP, lunarpages.com, no response after 24 hours
>> except for an automatic email. This host used to be a good one,
>> responding to the requests in time and to the point; however it's
>> becoming a disappointment in recent years, I think it's time for me to
>> move my business elsewhere.
>
> Hacks happen. The defenses for hacks are developed and distributed after
> hacks occur. One event by itself is not a good reason to move. In fact,
> it's rather like a lightning strike. The fact that they got a wakeup call
> means that moving to one that is still asleep could be a bad move.
>
> On the other hand, this is a simple attack with a simple fix. From the
> sound of it I would expect that every index.htm, index.html, main.html,
> home.html and a long list of other main pages were simply overwritten with
> the signature webpage for bragging rights. A simple script should be able
> to go to the backups and restore every modified page. Any ISP that is slow
> on this might be worth moving away from.
> I'd recommend Sonic.net
>
>> Anyway, I hope someone here can help me with a few questions: does the
>> ISP bear responsibility for such a security breach?
>
> Yes and no. You copied your pages to their server. Your alternative was
> doing your own. They would only have to show reasonable effort. But they
> can be sued for loss of business if you can show the amount prior and
> after.
>
>> My homepage is replaced by the hacker's page of some crap, is that the
>> best he can do? What kind of attack is it? Are they able to access my
>> data? I checked that my files are still there, but not sure if the
>> hacker has made a copy.
>
> They got into someone's account. That account could be highly compromised
> but it's unlikely they bothered looking through everyone's stuff on the server.
> Once they plant their flag (the replaced index pages) they usually delete
> every trace they can behind them and leave. The account they got into
> might have lost everything in their directories in the cleanup/escape.
>
> Do you have a copy of the webpage on your machine? You really should no
> matter what ISP you go to. Just upload the page back to your account.
>
> DISCLAIMER: these are of course my own opinions of what I would do if this
> was me. The "safe and appropriate" instructions would be much harsher.
> Usually something like delete everything, reformat, start over.
>
> Gandalf Parker
> --
> Saying your system is secure should be considered the same as saying
> your food is too hot. It's a temporary condition which is going away even
> as you speak.
>
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
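
The quoted reply says a simple script should be able to go to the backups and restore every modified page. A sketch of such a script follows, added here as an example and not part of the original post or any ISP's tooling: it compares a known-good copy against the live web root, restores changed or deleted pages, and sets the replaced files aside. The function names, directory layout and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. BACKUP = known-good local copy,
# LIVE = web root on the host; both paths are the caller's assumptions.

# One line per difference: MODIFIED, MISSING (gone from live), EXTRA (not in backup).
compare_site() {
    backup=$1; live=$2
    (cd "$backup" && find . -type f | sed 's|^\./||' | sort) | while IFS= read -r f; do
        if [ ! -f "$live/$f" ]; then echo "MISSING $f"
        elif ! cmp -s "$backup/$f" "$live/$f"; then echo "MODIFIED $f"
        fi
    done
    (cd "$live" && find . -type f | sed 's|^\./||' | sort) | while IFS= read -r f; do
        [ -f "$backup/$f" ] || echo "EXTRA $f"
    done
}

# Put back MODIFIED and MISSING files; keep each replaced page under $3 as
# evidence. EXTRA files are only reported: they need a human to look at them.
restore_site() {
    backup=$1; live=$2; evidence=$3
    report=$(compare_site "$backup" "$live")   # snapshot before changing anything
    printf '%s\n' "$report" | while read -r state f; do
        case $state in
            MODIFIED) mkdir -p "$(dirname "$evidence/$f")"
                      cp -p "$live/$f" "$evidence/$f"
                      cp -p "$backup/$f" "$live/$f" ;;
            MISSING)  mkdir -p "$(dirname "$live/$f")"
                      cp -p "$backup/$f" "$live/$f" ;;
        esac
    done
}

# Constructed sample trees: index.html overwritten, one page deleted, one file added.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/backup/docs" "$d/live/docs"
    echo '<h1>My site</h1>' > "$d/backup/index.html"
    echo '<p>About</p>'     > "$d/backup/docs/about.html"
    echo '<p>Contact</p>'   > "$d/backup/contact.html"
    echo '<h1>defaced</h1>' > "$d/live/index.html"
    cp "$d/backup/docs/about.html" "$d/live/docs/about.html"
    echo 'unknown'          > "$d/live/docs/x.php"
    compare_site "$d/backup" "$d/live"
    restore_site "$d/backup" "$d/live" "$d/evidence"
    echo "after restore:"; compare_site "$d/backup" "$d/live"
    rm -rf "$d"
}
demo
```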