what's up with NLOC?- merged
The hacked thing happens to all major, even minor, sites... backups can be compromised, everything and anything... You just got to rebuild and try to better secure your box to hopefully prevent another attempt.
Originally Posted by SVT242
The hacked thing happens to all major, even minor, sites... backups can be compromised, everything and anything... You just got to rebuild and try to better secure your box to hopefully prevent another attempt.
If a site does not have a good backup strategy, it is probably because they are being cheap and won't pay for the service.
-Mark
Originally Posted by St Louis Lightning
I didn't know a hacker could reach out and compromise offline tapes..
If a site does not have a good backup strategy, it is probably because they are being cheap and won't pay for the service.
-Mark
Chuckle....so true.....Chuckle
Probably script kiddies got in by being lucky and exposing something vulnerable on the box, whether it be forum software related, PHP software related, OS related, whatever, and with that said, who knows how many back doors could have been added on top of the original one. It is hard to tell many times, and that is why it's a good idea to start fresh with a clean OS install, etc...
Sure you can run rootkit scanning software and whatever, but the question is how long has the hacker had access to the box and how far did they compromise it.
Nevertheless, I hope NLOC/NHTOC gets back on their feet and stronger.
Originally Posted by SVT242
Well, actually backup tapes, daily off-site backups really don't mean crap if a hacker has installed a backdoor and has been lurking around for some time "while the backups have been periodically maintained" and has been doing god knows what; it just means the backups are also compromised as well. Sure, let's reinstall a compromised backup so the same thing can happen again.
Originally Posted by St Louis Lightning
Do you do this stuff for a living? If so, make sure your resume never crosses my desk..
My resume won't cross your desk unless you are a GS/ES-somebody working for the government, particularly the U.S. Department of the Treasury/I.R.S., that has the authority to hire someone in a given job vacancy.
I do however own a box that is colocated and have been through this road a few times, as NLOC/NHTOC are currently going through, and do server admining as a hobby.
I'm sure some of the wiser peeps at linuxquestions.org would agree with a few things of what I am saying.
I don't know exactly what happened over at nloc/nhtoc, nor do many of us aside from the peeps in the know; bottom line, hopefully all will be back up soon and they harden up their box!
Last edited by SVT242; May 24, 2007 at 11:16 AM.
Originally Posted by SVT242
I'm sure some of the wiser peeps at linuxquestions.org would agree with a few things of what I am saying.
Your logic on a clean OS install is fine, but any potential backups are more valuable than Gold when it comes to the databases, photo libraries, etc..
As for linux folks, you can get them to agree to anything as long as you say Microsoft sucks and put a penguin in your sig..
-Mark
NLOC? KARMA?
Originally Posted by St Louis Lightning
If we follow your logic, why ever back up anything. If it is lost, hell, lets just start over!
If a system is compromised unknowingly via an uploaded script or a backdoor of some sort and if backups are occurring on a daily/regular basis with such in place... aren't those backups then compromised?
After a box is compromised, an actual attack on a box, whether it be a defacement of a site or sites, formatting of the box's hard drive or whatever, can happen at a much later time at the hacker's choice.
Sure you can go through the logs and try to pinpoint every questionable action, but how long is that process, and are you sure you are going to track everything and FIND all of the hacker's doing and be able to undo any of the mischievous works of the hacker?
Originally Posted by St Louis Lightning
Your logic on a clean OS install is fine, but any potential backups are more valuable than Gold when it comes to the databases, photo libraries, etc..

Here is another thing I think I can say we agree on...
is that sifting through any backup on hand, picking and pulling certain databases, pics, etc., and starting over again with a fresh install of the base software (ex: forum software, photo gallery, CMS, whatever) is the wisest thing to do. Now, without knowing where the point of compromise is at makes things risky.
-- Here is a real life example from something I experienced on one of the sites I am hosting on my box...--
A site of mine was using Coppermine photo gallery, and a recent vulnerability was exposed and a HELL OF A LOT of sites with Coppermine photo gallery got hit by hackers. The vulnerability was running a query string that allowed anyone, regardless of permission level, to upload a .php file and be able to query that .php file from the directory that it was uploaded to, since the uploads directory by default is set to a permission level of "777", and script kiddies are able to upload these neat little scripts that allow you to scan a person's box, sniff for passwords of users of the box (root level users, etc...) and upload/download files from that box.
Anyway, this cat got in via a neat little script he uploaded by the name of
"c99.php" and he ran an eBay scam email/pass phishing site (mimicked an eBay login screen) where he phished for eBay account info. I was able to find out that the fawker installed 8 backdoors in various directories within the box, all of which were found and deleted... I was lucky.
He did this silently for roughly a month without detection, but when the server load was running high during normally low traffic time periods I was suspicious and investigated the abnormality.
Needless to say I was forced to scrap a lot of data and had to go through each mysql database the site I am referring to had to make sure everything was kosher.
The site is back up, everything has been updated, case closed
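A defender-side check for the situation described in the post above (a script file sitting in a 777 uploads directory, and vetting a backup before putting it back into service), as an added example that is not SVT242's code or Coppermine's; the directory and file names in the sample tree are constructed for the example.

```python
import os
import stat
import tempfile

# Extensions a web server would execute if they appear inside an upload directory
SCRIPT_EXTS = {".php", ".php3", ".php5", ".phtml", ".pl", ".cgi", ".sh"}
# Directory names that should only ever hold user data, never code
UPLOAD_DIR_NAMES = {"uploads", "albums", "userpics", "tmp"}


def scan_web_tree(root):
    """Walk a docroot (live, or a backup unpacked for vetting) and return
    (script_files, writable_dirs): script files found under upload-style
    directories, and directories that are world-writable (the 0777 case).
    Paths are relative to root and sorted, so two runs can be diffed."""
    script_files, writable_dirs = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.normpath(os.path.relpath(dirpath, root))
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            writable_dirs.append(rel)
        if set(rel.split(os.sep)) & UPLOAD_DIR_NAMES:
            for name in filenames:
                if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                    script_files.append(os.path.normpath(os.path.join(rel, name)))
    return sorted(script_files), sorted(writable_dirs)


def build_sample_tree():
    """Constructed sample docroot: a gallery whose uploads directory is 0777
    and holds a PHP file next to an image, plus a clean include directory.
    Returns the temporary root path; all names are made up for this example."""
    root = tempfile.mkdtemp(prefix="backup_vet_")
    uploads = os.path.join(root, "gallery", "albums", "uploads")
    os.makedirs(uploads)
    os.makedirs(os.path.join(root, "gallery", "include"))
    for path in ("gallery/albums/uploads/holiday.jpg",
                 "gallery/albums/uploads/c99.php",    # planted script in a data dir
                 "gallery/include/config.inc.php"):   # legitimate application code
        with open(os.path.join(root, path), "w") as fh:
            fh.write("sample\n")
    os.chmod(uploads, 0o777)   # the "777 uploads directory" from the post
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    found_scripts, found_writable = scan_web_tree(sample_root)
    print("script files in upload dirs:", found_scripts)
    print("world-writable dirs:", found_writable)
```

Run it against an unpacked backup before restoring: any script under an upload directory or any world-writable directory is something to explain before that data goes back online.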
Originally Posted by St Louis Lightning
As for linux folks, you can get them to agree to anything as long as you say Microsoft sucks and put a penguin in your sig.. -Mark
-Chris
As long as the backups were done correctly, the photo galleries, threads, etc should be fine and all that would need to be done is a fresh OS and application software install to eliminate any existing 'threats' - then any security and application upgrades could be applied before bringing everything online.
Just all depends on the level of backup done...
Bird
Originally Posted by Bird
As long as the backups were done correctly, the photo galleries, threads, etc should be fine and all that would need to be done is a fresh OS and application software install to eliminate any existing 'threats' - then any security and application upgrades could be applied before bringing everything online.
Just all depends on the level of backup done...
Bird
MFWERD!
This man speaks the truth!