Gandalf: Thank you for the detailed explanation, I'll read it again.
I checked my pages, only index.html was replaced, what really upset me
is that now it's 48 hours after I sent the request to the ISP, still
no response; I can understand now hacking does happen and I can fix
the problem myself, but their services disappoint me.

On Tue, Jan 26, 2010 at 12:32 AM, Gandalf Parker gand...@any1can.net wrote:
I've worked as admin for ISPs. And one of those was owned by a law firm.
I will take a stab at this.

On Mon, 25 Jan 2010, Hai Yi wrote:
The website hasn't been restored yet, even though I wrote an urgent email to
the support of my ISP, lunarpages.com, no response after 24 hours
except for an automatic email. This host used to be a good one,
responding to the requests in time and to the point; however it's
becoming a disappointment in recent years, I think it's time for me to
move my business elsewhere.

Hacks happen. The defenses for hacks are developed and distributed after
hacks occur. One event by itself is not a good reason to move. In fact,
it's rather like a lightning strike. The fact that they got a wakeup call
means that moving to one that is still asleep could be a bad move.

On the other hand, this is a simple attack with a simple fix. From the
sound of it I would expect that every index.htm, index.html, main.html,
home.html and a long list of other main pages were simply overwritten with
the signature webpage for bragging rights. A simple script should be able
to go to the backups and restore every modified page. Any ISP that is slow
on this might be worth moving away from.

I'd recommend Sonic.net

Anyway, I hope someone here can help me with a few questions: does the
ISP bear responsibility for such a security breach?

Yes and no. You copied your pages to their server. Your alternative was
doing your own. They would only have to show reasonable effort. But they
can be sued for loss of business if you can show the amount prior and
after.

My homepage is replaced by the hacker's page of some crap, is that the
best he can do? What kind of attack is it? Are they able to access my
data? I checked that my files are still there, but not sure if the
hacker has made a copy.

They got into someone's account. That account could be highly compromised
but it's unlikely they bothered looking thru everyone's stuff on the server.
Once they plant their flag (the replaced index pages) they usually delete
every trace they can behind them and leave. The account they got into
might have lost everything in their directories in the cleanup/escape.
Do you have a copy of the webpage on your machine? You really should no
matter what ISP you go to. Just upload the page back to your account.

DISCLAIMER: these are of course my own opinions of what I would do if this
was me. The safe and appropriate instructions would be much harsher.
Usually something like delete everything, reformat, start over.

Gandalf Parker
--
Saying your system is secure should be considered the same as saying
your food is too hot. It's a temporary condition which is going away even
as you speak.
___
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
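
Added example, not part of the thread and not code from either poster: one way to write the "simple script" that goes to the backups and restores every modified page. It goes beyond the index pages mentioned above by hashing every file, saves the altered copies as evidence before overwriting them, and only reports files the backup never had. All function names and the sample site trees are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def digest(path):  # SHA-256 of the file's contents
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def files(tree):
    """Relative POSIX paths of every regular file under tree."""
    return {p.relative_to(tree).as_posix() for p in tree.rglob("*") if p.is_file()}

def compare(live, backup):
    """Classify the live tree against the known-good backup."""
    in_live, in_backup = files(live), files(backup)
    return {
        "modified": [r for r in sorted(in_live & in_backup)
                     if digest(live / r) != digest(backup / r)],
        "missing": sorted(in_backup - in_live),
        # Not in the backup: review by hand, this script never deletes anything.
        "unexpected": sorted(in_live - in_backup),
    }

def restore(live, backup, report, quarantine):
    """Save each altered file as evidence, then copy the backup version back."""
    for rel in report["modified"]:
        (quarantine / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(live / rel, quarantine / rel)
    for rel in report["modified"] + report["missing"]:
        (live / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, live / rel)

def demo():
    """Constructed sample trees in a temp dir; no real site is touched."""
    root = Path(tempfile.mkdtemp())
    live, backup, quarantine = root / "live", root / "backup", root / "quarantine"
    for tree in (live, backup):
        (tree / "blog").mkdir(parents=True)
        (tree / "index.html").write_text("<h1>Welcome</h1>")
        (tree / "about.html").write_text("<p>About</p>")
        (tree / "blog" / "index.html").write_text("<h1>Blog</h1>")
    (live / "index.html").write_text("<h1>replaced page</h1>")  # altered
    (live / "about.html").unlink()                               # deleted
    (live / "blog" / "new.php").write_text("<?php ?>")           # not in backup
    before = compare(live, backup)
    restore(live, backup, before, quarantine)
    return before, compare(live, backup), quarantine

if __name__ == "__main__":
    print(demo()[:2])
```

The "unexpected" list is the part a plain re-upload misses: a file that was never in the backup stays on the server until someone looks at it.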