l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2010 Jan 26 04:31

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] my site was hacked
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] my site was hacked

Ive worked as admin for ISPs. And one of those was owned by a law firm.
I will take a stab at this.

On Mon, 25 Jan 2010, Hai Yi wrote:
> The website hasn't been restored yet, even I wrote an urgent email to
> the support of my ISP, lunarpages.com, no response after 24 hours
> except for an automatic email. This host used to be a good one,
> responding to the requests in time and to the point; however it's
> becoming a disappointment in recent years, I think it's time for me to
> move my business else where.

Hacks happen. The defenses for hacks are developed and distributed after 
hacks occur. One event by itself is not a good reason to move. In fact, 
its rather like a lightening strike. The fact that they got a wakeup call 
means that moving to one that is still asleep could be a bad move.

On the other hand, this is a simple attack with a simple fix. From the 
sound of it I would expect that every index.htm, index.html, main.html, 
home.html and a long list of other main pages were simply overwritten with 
the signature webpage for bragging rights. A simple script should be able 
to go to the backups and restore every modified page. Any ISP that is slow 
on this might be worth moving away from.
Id recommend Sonic.net

> Anyway, I hope someone here can help me with a few questions: does the
> ISP bear responsibility for such a security breach?

Yes and no. You copied your pages to their server. Your alternative was 
doing your own. They would only have to show reasonable effort. But they 
can be sued for loss of business if you can show the amount prior and 

> My homepage is replaced by the hacker's page of some crap, is that the
> best he can do? what kind of attack it is? are they able to access my
> data? I checked that my files are still there, but not sure if the
> hacker has made a copy.

They got into someones account. That account could be highly compromised 
but its unlikely they bothered looking thru everyones stuff on the server. 
Once they plant their flag (the replaced index pages) they usually delete 
every trace they can behind them and leave. The account they got into 
might have lost everything in their directories in the cleanup/escape.

Do you have a copy of the webpage on your machine? You really should no 
matter what ISP you go to. Just upload the page back to your account.

DISCLAIMER: these are of course my one opinions of what I would do if this 
was me. The "safe and appropriate" instructions would be much harsher. 
Usually something like delete everything, reformat, start over.

Gandalf  Parker
Saying your system is secure should be considered the same as saying
your food is too hot. Its a temporary condition which is going away even
as you speak.

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.