Announcement

Collapse
No announcement yet.

Looks like on of the big boards got hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Computer Chat Looks like on of the big boards got hacked

    TheWhir Report:

    (WEB HOST INDUSTRY REVIEW) -- The popular web hosting discussion community Web Hosting Talk (www.webhostingtalk.com) was hacked over the weekend, and some user data was compromised and distributed by hackers, according to posts made by forum moderators over the last two days.

    After several lengthy periods of downtime on Saturday and Sunday, the forum returned, but missing a collection of posts that appears to stretch back to October of 2008.

    A post Sunday evening by a forum moderator with the username SoftWareRevue said the site’s database tables had been corrupted in an attack, and its offsite backup servers had gone down. The site was restored using an old database temporarily while database information was being restored.

    Another post from the same moderator followed Monday, providing more details on the impact of the attack and outage.

    “We've since learned that this very deliberate, sophisticated and calculated hack against Web Hosting Talk was carried out by gaining access to our offsite backup servers,” says the post From our backup servers, the hacker gained access to the WHT db server. The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted of the db exploitation and quickly shut down the site to prevent further damage.”

    According to the post, the attacker is in possession of files containing user names, email addresses and hashed passwords, which, according to the poster would be extremely difficult to decrypt. No credit card or PayPal information was compromised.

    Nevertheless, it might be prudent for users of Web Hosting Talk to update their password just to be on the safe side.

    The attacker, however, has reportedly been posting the information to file sharing sites, and administrators are working to stop the proliferation of the information out of concern for the email list falling into the hands of spammers.

    According to SoftWareRevue’s post, the site’s operators are working to recover the data deleted from the backup servers, though it is not yet clear whether a more recent backup will be recovered.

    In the meantime, the site is still running off the older backup.

    WHT is looking for information about anyone who might have been involved in the attack.
    Granted the compromise was on the backup server and not the software (props vB), it's still sad to hear a big board like this get their legs clipped out from underneath them.

    http://www.webhostingtalk.com/showthread.php?t=729362

    Beware... it's a ****-fest in that thread.

  • #2
    Interesting. I don't even know what my password is on that site. Its been a while since I visited and actually logged in.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment


    • #3
      Looks like they didn't read this thread.
      http://www.vbulletin.com/forum/showthread.php?t=194701

      Comment


      • #4
        Has nothing to do with vBulletin really. The person or persons responsible found a weakness in an off-site database storage server and exploited it.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API

        Comment


        • #5
          Originally posted by Wayne Luke View Post
          Has nothing to do with vBulletin really. The person or persons responsible found a weakness in an off-site database storage server and exploited it.
          That's true, this has nothing to do with their vbulletin software...

          Comment


          • #6
            Originally posted by subzero06 View Post
            That's true, this has nothing to do with their vbulletin software...
            phpBB are going to love this. After many posts of some users saying something along the lines of "phpBB sucks, it got hacked" even though we tried to tell them phpBB didn't get hacked, it was another script that was insecure.

            Even though vBulletin didn't get hacked directly I'm sure phpBB and IPB users are going to say it was.

            Comment


            • #7
              They can't seem to take the fact that is wasn't due to software fault. On another note, I changed my password twice that same day after they expired about 5 mins after each other.
              Shamil Nunhuck, - Radon Systems Ltd.
              VPS + Dedicated Server Hosting and Management
              vBulletin Hosting and Services
              Server / Website Consultation

              Comment


              • #8
                Awesome WHT, I'm already feeling the love in a 500% spam increase. Well, that's the last time I've signed up on any forum with a non-spam address. Bloody amateurs...
                Former endorsement revoked. You know the saying - one rotten apple spoils the whole barrel...

                Comment


                • #9
                  More known sites are bigger targets, and especially with webhostingtalk where the community members who run hosting sites and what not - in other words : know what they are doing - it is easier for them to exploit the site. Can happen to anybody and it does.

                  Comment


                  • #10
                    WHT was done a few years ago.. I don't think them getting hacked makes a difference. They were dead then, and they are dead now....

                    Comment


                    • #11
                      What's interesting is that they deleted the data on the backup server though, to which only very few have any useful information about it.
                      Shamil Nunhuck, - Radon Systems Ltd.
                      VPS + Dedicated Server Hosting and Management
                      vBulletin Hosting and Services
                      Server / Website Consultation

                      Comment


                      • #12
                        Originally posted by subzero06 View Post
                        That's true, this has nothing to do with their vbulletin software...
                        Absolutely right. See the hacker posting here:

                        http://tristanperry.com/pics/Erm,%20what.jpg
                        http://tristanperry.com/pics/What2.jpg

                        Comment

                        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                        Working...
                        X