Solved

Web Server Hacked

Posted on 2003-12-09
Last Modified: 2010-04-11
My company was receiving free hosting for a fairly large project we have been working on for the past 5 months. Several times we have had threats of people planning to hack into our server and delete everything.
Only 48 hours ago I sent an email to the hosting company about the threats of hacking. They told me that everything was secure, backed up and that I shouldn't worry about anything. If I still wanted peace of mind I had the option of applying for a username and password change, which I did.
About 12 hours ago, it came to my attention that our server had been hacked and everything had been deleted.
I spoke briefly to someone I knew from the hosting company and he said that the hackers had found our username and password then logged in normally, so they cannot do anything about it.
Anything else he said after that sounded like bull**** because he was saying things like "It will cost us $7000 USD to have your data recovered" and "There's a 1 in 39 chance of you getting any of your data back."

I really don't know what I should do or what I can do...this is very important.
Can someone make any suggestions as to what I should do?

Cheers

-OBCT
Question by:OBCT
8 Comments
 
LVL 18

Expert Comment

by:chicagoan
ID: 9909943
What's wrong with this picture?
You had been threatened with hacking.
Someone "found" administrative credentials to a production system.
You were relying on someone else to back up 5 months' worth of work without any knowledge of their practices or local copies?
You didn't have any sort of version control in place?

I can sympathize with your having been hacked, but there doesn't seem much you can do now, except to try to gather up whatever the developers have locally. If you had some sort of contractual relationship with the hosting organisation (and if it was truly free you don't) you could pursue a damage claim. If they have any sort of syslogging you may be able to trace the origin of the attack and pursue remedies there.

The best thing that will come out of this is that someone else may read this and put some disaster recovery procedures in place.
0
 
LVL 9

Author Comment

by:OBCT
ID: 9909956
>Someone "found" administrative credentials to a production system.

Do you think there's a possibility that someone with the server security codes could have been involved??
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9910161
How many avenues of discovering this information are there OUTSIDE of your organization?
Does the hosting organization log logins? The IPs?
They'd have to have a pretty poor authentication system for someone to crack into it.

0
 
LVL 9

Author Comment

by:OBCT
ID: 9910428
We did have everything backed up except for our sql database.
I don't know enough about server security to know about the IP logs and that sort of stuff, but the server company isn't telling me much either so I'm not 100% sure what is going on.
We had the hosting totally free so we can't make a damage claim.
What are the chances of someone using a trojan or keylogger? Is there any way to find out how this person, whoever it may be, got our passwords?
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9911155
>What are the chances of someone using a trojan or keylogger?
It would still be there, they don't evaporate.

>Is there any way to find out how this person, whoever it may be, got our passwords?
If the hosting company isn't forthcoming perhaps not.
It seems the kind of thing someone would brag about though, as there was probably no financial motive.
0
 
LVL 9

Author Comment

by:OBCT
ID: 9911205
I have been sent two images of someone in an MSN conversation where someone is boasting about closing us down but I didn't think it would change anything because it would never hold up in court.
I've emailed the hoster company saying that letting someone get away with this is totally unacceptable, and I'm still waiting for a reply.
We've put all our data onto a new server and we're going to get another server to run as a backup.
Just before I give you the points, do you have any suggestions as to how I can prevent such a thing happening in the future?
0
 
LVL 18

Accepted Solution

by:
chicagoan earned 2000 total points
ID: 9911288
Getting to the bottom of how the authentication data was compromised is the first step.
What motive does this person have?
Why you?
The backup server's a good idea, and a disaster recovery plan that includes ALL your data is another.
0
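Added example, not part of the original thread: one way to use login records, if the host keeps them, to tell a guessed password from one that was already known to the intruder. A first-try success from a never-seen address after a password change points at leaked credentials rather than guessing. The log format, the account name `projadmin`, the event names and all records below are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records, not data from the thread. Assumed format:
# ISO timestamp, account, source IP, event. IPs are documentation ranges.
SAMPLE_LOG = """\
2003-12-01T09:02:11 projadmin 198.51.100.10 OK
2003-12-03T14:40:05 projadmin 198.51.100.10 OK
2003-12-07T10:15:00 projadmin 198.51.100.10 PASSWORD_CHANGED
2003-12-07T10:16:30 projadmin 198.51.100.10 OK
2003-12-08T22:01:47 projadmin 203.0.113.77 OK
2003-12-08T23:30:00 projadmin 203.0.113.90 FAIL
2003-12-08T23:30:04 projadmin 203.0.113.90 FAIL
2003-12-08T23:30:09 projadmin 203.0.113.90 FAIL
2003-12-08T23:30:15 projadmin 203.0.113.90 OK
"""

def parse(text):
    """Yield (time, user, ip, event) tuples from non-empty log lines."""
    for line in text.splitlines():
        if line.strip():
            ts, user, ip, event = line.split()
            yield datetime.fromisoformat(ts), user, ip, event

def review_logins(text, baseline_until, guess_threshold=3):
    """Flag first-time-IP successes at or after baseline_until; earlier ones build the baseline."""
    cutoff = datetime.fromisoformat(baseline_until)
    known = defaultdict(set)     # user -> IPs with an earlier success
    fails = defaultdict(int)     # (user, ip) -> failures since last success
    changed = {}                 # user -> time of last password change
    findings = []
    for ts, user, ip, event in sorted(parse(text)):
        if event == "PASSWORD_CHANGED":
            changed[user] = ts
        elif event == "FAIL":
            fails[(user, ip)] += 1
        elif event == "OK":
            if ts >= cutoff and ip not in known[user]:
                n = fails[(user, ip)]
                findings.append({
                    "time": ts.isoformat(), "user": user, "ip": ip,
                    "failures_before": n,
                    # Many failures first: guessing. None: credentials were known.
                    "kind": "guessed" if n >= guess_threshold else "valid-credentials",
                    "after_password_change": user in changed and ts > changed[user],
                })
            known[user].add(ip)
            fails[(user, ip)] = 0
    return findings
```

Calling `review_logins(SAMPLE_LOG, "2003-12-07T00:00:00")` treats everything before 7 December as the baseline of normal access and reports the two later logins from new addresses.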
 
LVL 9

Author Comment

by:OBCT
ID: 9911298
Thanks for your help :)

Cheers

-OBCT
0
