
Web Server Hacked

My company was receiving free hosting for a fairly large project we have been working on for the past 5 months. Several times we have had threats of people planning to hack into our server and delete everything.
Only 48 hours ago I sent an email to the hosting company about the threats of hacking. They told me that everything was secure, backed up and that I shouldn't worry about anything. If I still wanted peace of mind I had the option of applying for a username and password change, which I did.
About 12 hours ago, it came to my attention that our server had been hacked and everything had been deleted.
I spoke briefly to someone I knew from the hosting company and he said that the hackers had found our username and password then logged in normally, so they cannot do anything about it.
Anything else he said after that sounded like bull**** because he was saying things like "It will cost us $7000 USD to have your data recovered" and "There's a 1 in 39 chance of you getting any of your data back."

I really don't know what I should do or what I can do...this is very important.
Can someone make any suggestions as to what I should do?

Cheers

-OBCT
 
chicagoan Commented:
What's wrong with this picture?
You had been threatened with hacking.
Someone "found" administrative credentials to a production system.
You were relying on someone else to back up 5 months' worth of work without any knowledge of their practices or local copies?
You didn't have any sort of version control in place?

I can sympathize with your having been hacked, but there doesn't seem much you can do now, except to try to gather up whatever the developers have locally. If you had some sort of contractual relationship with the hosting organisation (and if it was truly free you don't) you could pursue a damage claim. If they have any sort of syslogging you may be able to trace the origin of the attack and pursue remedies there.

The best thing that will come out of this is that someone else may read this and put some disaster recovery procedures in place.
 
OBCT (Author) Commented:
>Someone "found" administrative credentials to a production system.

Do you think there's a possibility that someone with the server security codes could have been involved??
 
chicagoan Commented:
How many avenues of discovering this information are there OUTSIDE of your organization?
Does the hosting organization log logins? The IPs?
They'd have to have a pretty poor authentication system for someone to crack into it.

 
OBCT (Author) Commented:
We did have everything backed up except for our SQL database.
I don't know enough about server security to know about the IP logs and that sort of stuff, but the server company isn't telling me much either, so I'm not 100% sure what is going on.
We had the hosting totally free so we can't make a damage claim.
What are the chances of someone using a trojan or keylogger? Is there any way to find out how this person, whoever it may be, got our passwords?
 
chicagoan Commented:
>What are the chances of someone using a trojan or keylogger?
It would still be there, they don't evaporate.

>Is there any way to find out how this person, whoever it may be, got our passwords?
If the hosting company isn't forthcoming perhaps not.
It seems the kind of thing someone would brag about though, as there was probably no financial motive.
 
OBCT (Author) Commented:
I have been sent two images of someone in an MSN conversation where someone is boasting about closing us down, but I didn't think it would change anything because it would never hold up in court.
I've emailed the hoster company saying that letting someone get away with this is totally unacceptable, and I'm still waiting for a reply.
We've put all our data onto a new server and we're going to get another server to run as a backup.
Just before I give you the points, do you have any suggestions as to how I can prevent such a thing happening in the future?
 
chicagoan Commented:
Getting to the bottom of how the authentication data was compromised is the first step.
What motive does this person have?
Why you?
The backup server's a good idea, and a disaster recovery plan that includes ALL your data is another.
 
OBCT (Author) Commented:
Thanks for your help :)

Cheers

-OBCT