Viewing 25 posts - 1 through 25 (of 25 total)
  • I don't often rant…
  • trailertrash
    Full Member

    …but the hacking and messing up of my own company website by some little f**king t*sser with too much time on his hands and a total lack of morals has so far cost me about a grand and a massive amount of stress to put right, to say nothing of the hassle generated for all the people who visited it and got redirected to a something horrible site and possibly infected with a virus.

    What is the point? How does messing with someone’s livelihood prove how clever you are?

    gggrrrrrrraaaAAAAAAAAAAAAARRRRRRRRRRRRGGGGGGGGGGGGHHHHHHHHHH!!!!!!!!!!!!!

    freddyg
    Free Member

    You have my sympathy.

    I haven’t been on the receiving end of this myself, but I do remember the amount of upset/anger/grief caused by the little twunts who did a similar thing to STW almost two years ago. B@stards.

    It doesn’t prove how clever they are, it’s just vandalism – no different to those who find it acceptable to take a spray can to someone else’s property.

    MrsToast
    Free Member

    You should post the details here, IIRC I think the STW massive did quite a good job of uncovering the culprit! 😛

    Hope it all gets sorted swiftly for you and there’s not too much long term damage done.

    ronjeremy
    Free Member

    Mrs Toast – Member
    You should post the details here, IIRC I think the STW massive did quite a good job of uncovering the culprit!

    +1

    and iirc we also managed to turn the forum the little runt frequented into STW for a brief period of time, while this site was being rectified and fixed, congrats again to all those involved in that and in the restoration and repair of STW after the ‘attack’ as that is what it was, I still don’t and doubt I ever will, understand the fascination and enjoyment that people get from this type of vandalism.

    Hope you get it all sorted.

    Cougar
    Full Member

    Would it be churlish of me to ask about backups?

    Also, do you know the attack vector? Ie, can you stop it happening again?

    Zedsdead
    Free Member

    yeah, I bet there are a few people here who could help you track the culprit.

    BTW – what happened to the scrote who hacked this site?…

    z1ppy
    Full Member

    Shirley a backup would only get the site online again but not solve the issue that allowed the twunt to ‘hack’ it in the first place & so he’d have been back to the start again my dear… still seems quite a price to pay though, would have thought the web designer/developer should have ‘helped’ to fix the issue (though this probably depends on how long ago it was built).
    You have my sympathy though, crap position to be put in by a bored 14 year old.

    simonfbarnes
    Free Member

    actually, I would consider it a timely security reminder. Be grateful your site wasn’t turned into a botnet vector or worse 🙁

    z1ppy
    Full Member

    BTW I thought it was unofficially requested that no “gloating” was to be done about the STW hack, so as to not antagonise the happy campers on ‘that’ site from starting another ‘war’.

    So SSSSSsshhhh!

    mtb_rossi
    Free Member

    Did you not have any intrusion prevention in place?

    We have our sites running through multiple proxies and firewalls.

    mastiles_fanylion
    Free Member

    Out of interest, how much do you spend on website hosting and security each month? We find it very difficult sometimes to convince clients of the need to pay for business-critical hosting rather than the pennies you can get simple hosting for.

    We use Rackspace for our server and sub-let to clients – that way they get fantastic backup in the event of any kind of hack.

    mtb_rossi
    Free Member

    Back ups are fine, but you need to work out how it was hacked in the first place, which can be a pain in the back side.

    There’s all sorts of ways the website can be compromised. Depends on the type of hack, if it’s an exploit in the way the site is coded then it’s a case of double checking the site code. If it’s a physical attack then you need to look at server/access security.

    Or could be something as simple as guessing your password. In my experience, you can never have enough logging.

    maxray
    Free Member

    Simple hosting for simple sites m_f no need to pay a ridiculous amount as long as you make sure any machines with direct access are secure.

    Obviously the higher up the chain you go in terms of the type of client the more critical the security. All the big clients we work for have their own hosting & security protocols etc.

    As mentioned above, backups are critical.

    willard
    Full Member

    TrailerTrash, as others have said, bad luck on that and I truly sympathise; I know what a ballache it can be to have a little scrote do that.

    To find out how it happened, you’re going to need to look at IDS logs, package version levels and a whole host of things. I know people that do that professionally, and could even have a crack at it myself if you wanted, but it’s worth bearing in mind that if you wanted a prosecution out of it (something that could well be possible under UK computer mis-use laws), you would have to make sure that you have an unspoilt chain of evidence.

    mastiles_fanylion
    Free Member

    Simple hosting for simple sites m_f no need to pay a ridiculous amount as long as you make sure any machines with direct access are secure.

    Obviously the higher up the chain you go in terms of the type of client the more critical the security. All the big clients we work for have their own hosting & security protocols etc.

    As mentioned above, backups are critical.

    Of course, but I ask the question as the OP has lost quite a considerable amount of time and money and perfectly illustrates why paying for business-critical services can be an important decision. (Ours starts at £16 a month so it isn’t expensive and it would pay for itself if it had prevented such an attack).

    trailertrash
    Full Member

    Thanks for all the support and feedback. Really very much appreciated.

    The problem resulted from a security weakness in WordPress, not due to a security breach here or poor work on my web developer’s part. I have received instructions from my hoster on how to flush the code out of my site and how to upgrade my security so it should not happen again. I have done all of this and so far no more problems.

    We pay about £200 a year for hosting, a fairly minimal amount. In fairness our hosts have been very helpful.

    The grand we lost was due to the time I spent on non-fee earning work fixing the site and lost business from the site being hacked. I put it at about a grand, it’s probably more. I have not allowed anything for the time of friends and people who share the workplace helping out. It could be three times that overall.

    To answer a few of the questions
    – intrusion prevention – just the normal passwords and access keys for wordpress and ftp
    – backup – to my embarrassment no. we were lucky the site was not just deleted, although we know our hosters do keep weekly backups.

    Best

    Tim

    mastiles_fanylion
    Free Member

    Yeah – that WordPress fault became apparent in July/Aug and we insisted all sites we host were upgraded (and charged to do it). All upgrades were completed in August over a three or four day period. Any that didn’t upgrade would have been removed from our server. One was nearly dumped but they decided to pay for the WordPress upgrade.

    trailertrash
    Full Member

    Please can you tell me what was the WordPress upgrade? As I understand it I am using the latest version.

    GrahamS
    Full Member

    We have our sites running through multiple proxies and firewalls.

    Most “hacks” these days are script/SQL injection or cross-site scripting. Proxies and firewalls don’t help much with those as the site itself is vulnerable, they just help contain the damage once folk are in.

    coffeeking
    Free Member

    The only attacks I’ve had have been down to content management faults and, remarkably, it was very easy to avoid when the attack method was identified and was caused by me not keeping up with security updates from the CMS supplier.

    It was frustrating but not damaging as it was a personal site. You have my sympathy.

    Tiger6791
    Full Member

    Open source is great isn’t it 🙂

    edit: better qualify this, as the above is neither use ‘nor ornament.

    We use WordPress / Drupal / Joomla! All the time they are pretty good and they cost nothing but they also cost nothing for a ‘nobber to get, take to pieces and exploit any weakness. Now the community will patch it up pretty quick but that still leaves a whole load of sites out there without the patch to be got!

    But you paid nothing for it, so who can you blame?

    Buy a CMS get a maintenance package and this is less likely to happen ‘cos a) harder to get source code b) fewer sites running on them so why when you’ve got the free ones to attack

    mastiles_fanylion
    Free Member

    Please can you tell me what was the WordPress upgrade? As I understand it I am using the latest version.

    Apparently it was an SQL injection into a database via a form that we became aware of (after one of our sites was hacked – fortunately our hosting provides daily and mirrored (off-site) back-ups). Apparently it affects all old versions of WordPress and updating to v.3 fixes it (for the time being of course).

    Please let me know if yours IS v.3 because if it is, we will be looking at security again!!!!
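The class of fault named in the two posts above (SQL injection through a form, which a proxy or firewall passes as an ordinary request) shown beside its fix, as an added example that is not part of any post and is not WordPress code. The table, the function names and the form value are all constructed, and SQLite stands in for the site's database.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for a site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (email TEXT, notes TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("a@example.com", "order 1"), ("b@example.com", "order 2")],
    )
    return conn

def lookup_vulnerable(conn, email):
    # The form value is pasted into the SQL text, so quote characters in the
    # input become part of the query instead of part of the value.
    sql = "SELECT email, notes FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, email):
    # Placeholder binding: the driver sends the value separately from the
    # statement, so it is only ever compared as data.
    sql = "SELECT email, notes FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()

# Constructed form field value of the kind a code review should test with.
FORM_INPUT = "nobody@example.com' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated query returns:", lookup_vulnerable(db, FORM_INPUT))
    print("bound query returns:      ", lookup_safe(db, FORM_INPUT))
```

Both functions receive the same well-formed request, which is why the fix has to be made in the site's own query code.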

    trailertrash
    Full Member

    Yes, we were v3.01 ! latest

    mastiles_fanylion
    Free Member

    Do you know what happened then? Was it definitely a WordPress fault or some other hack? Could you let me know what you were told to do by your hosts to improve security??? Please!

The topic ‘I don't often rant…’ is closed to new replies.