When Forums/websites get hacked....

Here is an email from a forum that I visited and contributed to, before it got hacked badly. This is just awful for those running the site. They are trying to get the domain back from some hacker in Russia.

If anyone out there has any experience on this matter, I'd love to hear your input. Is there any software, site or book that you can recommend to learn more on how to try to prevent this?

Thanks in advance.

Here is part of the email:



Please make sure to change your password on the real DV and everywhere else you have been using the same password as on the fake DV, especially your email address!

I. What happened?

Due to strategic reasons only a quick overview of the happenings can be published at this point. More details will be available once the case is resolved.
  • On 22nd Jan 2012 the thief got access to DV's server administration software, using it to create a new FTP-account downloading all webfiles from the server.

  • On 24th Jan 2012 the thief used his access to DV's server administration software to get access to DV's email account. Using this, they got access to DV's account at Network Solutions (the original registrar of dreamviews.com) and initiated the transfer of the domain to Directi (the new registrar).

  • On 27th Jan 2012 the thief uploaded an FTP-dumper to the server and started to create dumps of DV's database.

  • On 30th Jan 2012 the transfer of dreamviews.com to the new registrar was completed, but the domain was still pointing to DV's original server so the theft would remain unnoticed until he would be finished stealing the data and removing his traces.

  • On 10th Feb 2012 the dump of the current fake-DV was downloaded.

  • On 19th Feb 2012 the thief tried to have Softlayer (DV's Server Provider) support team reset the root password, but failed.

  • On 20th Feb 2012 the nameservers of dreamviews.com were changed to point to the new server hosting the stolen copy of DV based on the dump from 10th Feb 2012.

At no point did the thief have root access to the server, so they couldn't steal the chat system or delete the logs.


Fortunately, due to the lack of root access, the thief couldn't remove their traces and so the server logs are full of evidence proving every single step of the server intrusion.
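
Added example, not part of the original post or the quoted email: in the timeline above the registrar changed on 30th Jan but the nameservers stayed the same until 20th Feb, so a check that watches only where the domain resolves sees nothing for three weeks. The sketch below compares dated WHOIS-style snapshots and reports registrar and nameserver drift separately; the record layout and the nameserver hostnames are constructed placeholders.

```python
# Added example: flag registrar and nameserver drift between domain snapshots.
from typing import NamedTuple

# Constructed WHOIS-style snapshots keyed by date. Registrar names and dates
# follow the email's timeline; the record layout and nameserver hostnames are
# placeholders (assumptions), not data from the incident.
SNAPSHOTS = {
    "2012-01-21": "Registrar: Network Solutions\n"
                  "Name Server: NS1.ORIGINAL.EXAMPLE\nName Server: ns2.original.example\n",
    "2012-01-30": "Registrar: Directi\n"
                  "Name Server: ns1.original.example\nName Server: ns2.original.example.\n",
    "2012-02-20": "Registrar: Directi\n"
                  "Name Server: ns1.other.example\nName Server: ns2.other.example\n",
}

class Record(NamedTuple):
    registrar: str
    nameservers: frozenset

def parse_record(text):
    """Parse 'Key: value' lines; normalise case and trailing dots on hostnames."""
    registrar, servers = "", set()
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # not a key/value line
        key, value = key.strip().lower(), value.strip().lower().rstrip(".")
        if key == "registrar":
            registrar = value
        elif key == "name server" and value:
            servers.add(value)
    return Record(registrar, frozenset(servers))

def drift_alerts(snapshots):
    """Compare each snapshot with the previous one; return (date, field, old, new)."""
    alerts, previous = [], None
    for date in sorted(snapshots):
        current = parse_record(snapshots[date])
        if previous is not None:
            if current.registrar != previous.registrar:
                alerts.append((date, "registrar", previous.registrar, current.registrar))
            if current.nameservers != previous.nameservers:
                alerts.append((date, "nameservers",
                               ",".join(sorted(previous.nameservers)),
                               ",".join(sorted(current.nameservers))))
        previous = current
    return alerts

if __name__ == "__main__":
    for alert in drift_alerts(SNAPSHOTS):
        print(*alert, sep=" | ")
```
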