Gandalf:

Thank you for the detailed explanation, I'll read it again. I checked my pages, only index.html was replaced. What really upsets me is that it's now 48 hours after I sent the request to the ISP and there is still no response; I can understand now that hacking does happen and I can fix the problem myself, but their services disappoint me.

On Tue, Jan 26, 2010 at 12:32 AM, Gandalf Parker <gand...@any1can.net> wrote:
>
> I've worked as admin for ISPs. And one of those was owned by a law firm.
> I will take a stab at this.
>
> On Mon, 25 Jan 2010, Hai Yi wrote:
>> The website hasn't been restored yet, even though I wrote an urgent email to
>> the support of my ISP, lunarpages.com, no response after 24 hours
>> except for an automatic email. This host used to be a good one,
>> responding to the requests in time and to the point; however it's
>> becoming a disappointment in recent years, I think it's time for me to
>> move my business elsewhere.
>
> Hacks happen. The defenses for hacks are developed and distributed after
> hacks occur. One event by itself is not a good reason to move. In fact,
> it's rather like a lightning strike. The fact that they got a wakeup call
> means that moving to one that is still asleep could be a bad move.
>
> On the other hand, this is a simple attack with a simple fix. From the
> sound of it I would expect that every index.htm, index.html, main.html,
> home.html and a long list of other main pages were simply overwritten with
> the signature webpage for bragging rights. A simple script should be able
> to go to the backups and restore every modified page. Any ISP that is slow
> on this might be worth moving away from.
> I'd recommend Sonic.net
>
>> Anyway, I hope someone here can help me with a few questions: does the
>> ISP bear responsibility for such a security breach?
>
> Yes and no. You copied your pages to their server. Your alternative was
> doing your own. They would only have to show reasonable effort. But they
> can be sued for loss of business if you can show the amount prior and
> after.
>
>> My homepage is replaced by the hacker's page of some crap, is that the
>> best he can do? What kind of attack is it? Are they able to access my
>> data? I checked that my files are still there, but not sure if the
>> hacker has made a copy.
>
> They got into someone's account. That account could be highly compromised
> but it's unlikely they bothered looking thru everyone's stuff on the server.
> Once they plant their flag (the replaced index pages) they usually delete
> every trace they can behind them and leave. The account they got into
> might have lost everything in their directories in the cleanup/escape.
>
> Do you have a copy of the webpage on your machine? You really should no
> matter what ISP you go to. Just upload the page back to your account.
>
> DISCLAIMER: these are of course my own opinions of what I would do if this
> was me. The "safe and appropriate" instructions would be much harsher.
> Usually something like delete everything, reformat, start over.
>
> Gandalf Parker
> --
> Saying your system is secure should be considered the same as saying
> your food is too hot. It's a temporary condition which is going away even
> as you speak.
>
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
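
The "simple script" idea from the quoted message, as an added example that is not part of the original thread: it compares each main page in the web root against a known-good backup by SHA-256 and restores the ones that differ. The directory layout, the quarantine directory (kept outside the web root so the overwritten copy is preserved but not served) and the function names are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Main-page names listed in the message above; extend for your own site.
INDEX_NAMES = {"index.htm", "index.html", "main.html", "home.html"}

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def find_modified(webroot: Path, backup: Path) -> list[str]:
    """Relative paths of main pages whose live copy differs from the backup."""
    changed = []
    for good in sorted(backup.rglob("*")):
        if not good.is_file() or good.name.lower() not in INDEX_NAMES:
            continue
        rel = good.relative_to(backup)
        live = webroot / rel
        # A missing or symlinked live page counts as modified as well.
        if live.is_symlink() or not live.is_file() or sha256(live) != sha256(good):
            changed.append(rel.as_posix())
    return changed

def restore(webroot: Path, backup: Path, quarantine: Path, dry_run: bool = True) -> list[str]:
    """Report modified pages; with dry_run=False, quarantine them and restore."""
    changed = find_modified(webroot, backup)
    for rel in ([] if dry_run else changed):
        live, kept = webroot / rel, quarantine / rel
        if live.is_symlink() or live.exists():
            kept.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(live), str(kept))  # keep the overwritten page for review
        live.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, live)
    return changed

def demo():
    """Constructed sample: a two-page site with one overwritten index page."""
    with tempfile.TemporaryDirectory() as tmp:
        web, bak, quar = (Path(tmp) / d for d in ("www", "backup", "quarantine"))
        for base in (web, bak):
            (base / "shop").mkdir(parents=True)
            (base / "index.html").write_text("<h1>Welcome</h1>")
            (base / "shop" / "index.html").write_text("<h1>Shop</h1>")
        (web / "index.html").write_text("<h1>overwritten (constructed)</h1>")
        restored = restore(web, bak, quar, dry_run=False)
        return restored, find_modified(web, bak), (quar / "index.html").exists()

if __name__ == "__main__":
    print(demo())
```

Run it with `dry_run=True` first to see which pages differ before anything is overwritten.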