The site is back up. [message #4169] Thu, 22 September 2005 23:26
Erin Halfelven
Messages: 712
Registered: September 2002
Location: Surf City, USA
Senior Member
Administrator
Sorry about this but four hack attacks in less than two weeks led me to try to do some serious security upgrades. They messed the system up and it has taken me most of a week to straighten it out.

Sigh.

- Erin
Re: The site is back up. [message #4170] Fri, 23 September 2005 00:18
Sir Lee
Messages: 440
Registered: October 2003
Location: São Paulo, Brazil
Senior Member
Man, I just love Bill Tucker's name for those degenerates. Roaches. It's just so appropriate.


Don't call me Shirley. You will surely make me surly.
Re: The site is back up. [message #4171] Fri, 23 September 2005 01:37
OtherEric
Messages: 589
Registered: September 2003
Senior Member
Thank you again for all your efforts. They are appreciated.

Re: The site is back up. [message #4190] Wed, 28 September 2005 04:27
Ellen Hayes
Messages: 684
Registered: September 2002
Senior Member
Glad you are recovering. One HOPES that unlike certain Maddy Bells and others, you personally are keeping BACKUPS of your sites?
(Heck, if there's any sort of overt moral lesson in Tuck, it's "Make backups!")

Also, what has been going on? Could you be more descriptive?


Ellen
nosig
Re: The site is back up. [message #4192] Wed, 28 September 2005 13:53
Erin Halfelven
Messages: 712
Registered: September 2002
Location: Surf City, USA
Senior Member
Administrator
Through some PHP/MySQL exploit or another, these vandals have been getting scripts executed that give them access. Usually, all they do is send an assload of e-mail or ping attacks at some other website. Removing the scripts is easy, finding how they got in and stopping it is hard.

I'm only semi-technical myself, I did a lot of applications programming for years but very little system stuff and that not in UNIX. So I'm struggling up the learning curve while trying to do other things. Smile There may be a solution ahead.

- Joyce
Re: The site is back up. [message #4193] Thu, 29 September 2005 07:19
Ellen Hayes
Messages: 684
Registered: September 2002
Senior Member
Erin Halfelven wrote on Wed, 28 September 2005 18:53

Through some PHP/MySQL exploit or another,


Are you subscribed to any security-type mailing lists? I find them VERY helpful.

Also, are you co-locating, or 'renting a part' of a server? The former offers a lot more opportunity to harden your stuff.


Erin Halfelven wrote on Wed, 28 September 2005 18:53

I'm only semi-technical myself, I did a lot of applications programming for years but very little system stuff and that not in UNIX.


If you've done programming before, then Unix ought to be easy...


Ellen
nosig
Re: The site is back up. [message #4194] Thu, 29 September 2005 08:33
rachel.greenham
Messages: 290
Registered: November 2002
Location: Bristol, UK
Senior Member
Just to add to Ellen's comment:

People make fun of me being an 'upgrade fetishist'. OTOH, since I switched from a Linux distro where keeping an old install up to date was choresome (SuSE) to one which makes updating very trivial, and doesn't retire support for old versions (Gentoo), we haven't been hacked at all. And people do try - there are multiple attempts every day.

That said, our websites are currently running on a Mac. Which is also pretty secure. OS/Distro aside, simply being non-x86 may afford some protection as exploit payload binaries are more often written for x86 systems, so the chances are even if they get something like that onto the system it just won't run. However, I'm planning to move the websites to another Mac, when it's free, this one running Gentoo again, precisely because of the updating issue, but also for greater service isolation. Under Tiger, I have to spend more time manually keeping track of updates to PHP5, MySQL, Drupal, Mambo, Wordpress, as they're not maintained as part of the OSX 'distribution'. For instance, I just discovered I'm two minor revisions behind on my MySQL install. (MySQL's ports are not reachable outside localhost though.)

Cautionary tale: Hackers can give you more than irritating downtime (and sometimes not even that). The last time we were hacked, about four or five years ago, they got into an old SuSE 7.x box - I think the version wasn't supported by SuSE any more. Keeping it up to date was a fiddly, manual process and it got neglected.

The scary part is who "they" were. We noticed and took the machine down within an hour. Some time later we got a call from the computer crimes police dept; they wanted to know what happened, what we did about it, what we found out etc. We co-operated of course.

A while later than *that* we found out... Our machine had been briefly part of a paedo-ring botnet and we'd been very, very lucky to not have been caught up in the subsequent mass dawn-raid operation that took that ring down. How lucky? We avoided it because Jas happened to get friendly with the lead tech guys at our ISP, by talking to them at a Linux show, and because we were the first ADSL users in Bristol (early adopters! there were problems to fix) and when the cops talked to *them*, *they* persuaded the cops enough of our innocence for them to call us instead of doing the other thing.

The cops were still logging our traffic for a year or so afterwards. (No, we weren't supposed to know that.)

That focused our minds somewhat! So what did we learn?


  • Never neglect such stuff again. Just because you're not running Windows, don't be complacent. We allegedly knew our stuff.
  • Have a proper firewall. Don't depend on the individual machines' security.
  • Use distributions that are very active and don't leave you in the lurch, and that make continual updates trivial.
  • ... And update at least once a week.
  • ... And don't be overly proud of long system uptimes. That SuSE box had an uptime over a year. They got in through a kernel vulnerability.
  • ... And be forever loyal to our darling, darling, beautiful ISP. Smile (Unless they get taken over and turn crap, but that would mean those lovely, clueful, friendly techs who saved our asses won't be there, or won't have power there, any more anyway)

[Updated on: Thu, 29 September 2005 08:37]


Rachel