Solved

Web Server Hacked

Posted on 2003-12-09
8
351 Views
Last Modified: 2010-04-11
My company was recieving free hosting for a fairly large project we have been working on for the past 5 months. Several times we have had threats of people planning to hack into our server and delete everything.
Only 48 hours ago I sent an email to the hosting company about the threats of hacking. They told me that everything was secure, backed up and that I shouldn't worry about anything. If I still wanted peice of mind I had the option of applying for a username and password change, which I did.
About 12 hours ago, it came to my attention that our server had been hacked and everything had been deleted.
I spoke briefly to someone I knew from the hosting company and he said that the hackers had found our username and password then logged in normaly, so they cannot do anything about it.
Anything else he said after that sounded like bull**** because he was saying things like "It will cost us $7000 USD to have your data recovered" and "Theres a 1 in 39 chances of you getting any of you data back."

I really don't know what I should do or what I can do...this is very important.
Can someone make any suggestions as to what I should do?

Cheers

-OBCT
0
Comment
Question by:OBCT
  • 4
  • 4
8 Comments
 
LVL 18

Expert Comment

by:chicagoan
Comment Utility
What's wrong with this picture?
You had been threatened with hacking.
Someone "found" administrative credentials to a production system.
You were relying on someone else to backup 5 months worth of work without any knowledge of their practices or local copies?
You didn't have any sort of version control in place?

I can sympathize with your having been hacked, but there doesn't seem much you can do now, except to try to gather up whatever the developers have locally. If you had some sort of contractual relationship with the hosting organisation (and if it was truly free you don't) you could pursue a damage claim. If they have any sort of syslogging you may be able to trace the origin of the attack and pursue remedies there.

The best thing that will come out of this is that someone else may read this and put some disaster recovery procedures in place.
0
 
LVL 9

Author Comment

by:OBCT
Comment Utility
>Someone "found" administrative credentials to a production system.

Do you think theres a possibility that someone with the server security codes could have been involved??
0
 
LVL 18

Expert Comment

by:chicagoan
Comment Utility
How many avenues of discovering this information are there OUTSIDE of your organization?
Does the hosting organization log logins? the IP's?
They'd have to have a pretty poor authentication system for someone to crack into it.

0
 
LVL 9

Author Comment

by:OBCT
Comment Utility
We did have everything backed up except for our sql database.
I don't know enough about sever security to know about the ip logs, and that sort of stuff but the server company isn't telling me much either so I'm not 100% sure what is going on.
We had the hosting totally free so we can't make a damage claim.
What are the chances of someone using a trojan or keylogger? Is there anyway to find out how this person who ever it may be got our passwords?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 18

Expert Comment

by:chicagoan
Comment Utility
>What are the chances of someone using a trojan or keylogger?
It would still be there, they don'y evaporate.

>Is there anyway to find out how this person who ever it may be got our passwords?
If the hosting company isn't forthcoming perhaps not.
It seems the kind of thing someone would brag about though, as there was probably no finiancial motive.
0
 
LVL 9

Author Comment

by:OBCT
Comment Utility
I have been sent two images of someone in a msn conversation where someone is boasting about closing us down but I didn't think it would change anything because it would never hold up in court.
I've emailed the hoster company saying that letting someone get away with this is totally unacceptable, and I'm still waiting for a reply.
We've put all our data onto a new server and we're going to get another server to run as a backup.
Just before I give you the points, do you have any suggestions as to how I can prevent such a thing happening in the future?
0
 
LVL 18

Accepted Solution

by:
chicagoan earned 500 total points
Comment Utility
Getting to the bottom of how the authentication data was compromised is the first step.
What motive does this person have?
Why you?
The backup server's a good idea, and a disaster recovery plan that includes ALL your data is another.
0
 
LVL 9

Author Comment

by:OBCT
Comment Utility
Thanks for your help :)

Cheers

-OBCT
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now