Solved

Web Server Hacked

Posted on 2003-12-09
Last Modified: 2010-04-11
My company was receiving free hosting for a fairly large project we have been working on for the past 5 months. Several times we have had threats of people planning to hack into our server and delete everything.
Only 48 hours ago I sent an email to the hosting company about the threats of hacking. They told me that everything was secure, backed up and that I shouldn't worry about anything. If I still wanted peace of mind I had the option of applying for a username and password change, which I did.
About 12 hours ago, it came to my attention that our server had been hacked and everything had been deleted.
I spoke briefly to someone I knew from the hosting company and he said that the hackers had found our username and password then logged in normally, so they cannot do anything about it.
Anything else he said after that sounded like bull**** because he was saying things like "It will cost us $7000 USD to have your data recovered" and "There's a 1 in 39 chance of you getting any of your data back."

I really don't know what I should do or what I can do...this is very important.
Can someone make any suggestions as to what I should do?

Cheers

-OBCT
0
Question by:OBCT
8 Comments
 
LVL 18

Expert Comment

by:chicagoan
ID: 9909943
What's wrong with this picture?
You had been threatened with hacking.
Someone "found" administrative credentials to a production system.
You were relying on someone else to back up 5 months' worth of work without any knowledge of their practices or local copies?
You didn't have any sort of version control in place?

I can sympathize with your having been hacked, but there doesn't seem much you can do now, except to try to gather up whatever the developers have locally. If you had some sort of contractual relationship with the hosting organisation (and if it was truly free you don't) you could pursue a damage claim. If they have any sort of syslogging you may be able to trace the origin of the attack and pursue remedies there.

The best thing that will come out of this is that someone else may read this and put some disaster recovery procedures in place.
0
 
LVL 9

Author Comment

by:OBCT
ID: 9909956
>Someone "found" administrative credentials to a production system.

Do you think there's a possibility that someone with the server security codes could have been involved??
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9910161
How many avenues of discovering this information are there OUTSIDE of your organization?
Does the hosting organization log logins? The IPs?
They'd have to have a pretty poor authentication system for someone to crack into it.

0
 
LVL 9

Author Comment

by:OBCT
ID: 9910428
We did have everything backed up except for our sql database.
I don't know enough about server security to know about the IP logs and that sort of stuff, but the server company isn't telling me much either so I'm not 100% sure what is going on.
We had the hosting totally free so we can't make a damage claim.
What are the chances of someone using a trojan or keylogger? Is there any way to find out how this person, whoever it may be, got our passwords?
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9911155
>What are the chances of someone using a trojan or keylogger?
It would still be there, they don't evaporate.

>Is there any way to find out how this person, whoever it may be, got our passwords?
If the hosting company isn't forthcoming perhaps not.
It seems the kind of thing someone would brag about though, as there was probably no financial motive.
0
 
LVL 9

Author Comment

by:OBCT
ID: 9911205
I have been sent two images of someone in an MSN conversation where someone is boasting about closing us down but I didn't think it would change anything because it would never hold up in court.
I've emailed the hoster company saying that letting someone get away with this is totally unacceptable, and I'm still waiting for a reply.
We've put all our data onto a new server and we're going to get another server to run as a backup.
Just before I give you the points, do you have any suggestions as to how I can prevent such a thing happening in the future?
0
 
LVL 18

Accepted Solution

by:
chicagoan earned 500 total points
ID: 9911288
Getting to the bottom of how the authentication data was compromised is the first step.
What motive does this person have?
Why you?
The backup server's a good idea, and a disaster recovery plan that includes ALL your data is another.
0
 
LVL 9

Author Comment

by:OBCT
ID: 9911298
Thanks for your help :)

Cheers

-OBCT
0
