Holy Crap Our State Geocaching Page Has Been Hacked.


Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away.

 

Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.

Link to comment

Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away.

 

Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.

 

I don't see how you could come to the conclusion that he isn't on top of security. Some of the most security minded corporate and govt websites have been hacked.

Link to comment

Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away.

 

Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.

 

I don't see how you could come to the conclusion that he isn't on top of security. Some of the most security minded corporate and govt websites have been hacked.

 

When I look at the logs on my server, people are constantly trying to find holes and hack in. I doubt that they targeted the site, they probably just found a hole and took advantage of it.

Link to comment

Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away.

 

Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.

 

When they hit Today's Cacher it wasn't our webmaster's fault, it was the fault of the hosting company. They not only hacked our site but everyone else that was on the hosting company's server. We finally had to change hosting companies. The good thing was that they didn't mess with our data.

 

El Diablo

Link to comment

Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away.

 

Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.

 

When they hit Today's Cacher it wasn't our webmaster's fault, it was the fault of the hosting company. They not only hacked our site but everyone else that was on the hosting company's server. We finally had to change hosting companies. The good thing was that they didn't mess with our data.

 

El Diablo

What you have pointed out is extremely common; much of the security of a website really depends upon the security measures employed by the hosting company, regardless of whether the site is hosted on a shared server or on dedicated servers.

Link to comment

Your webmaster is not keeping up on his security updates or has a poor password policy. Even 0-day hacks have a fix right away.

 

Once they are in you have little choice but to wipe clean and reinstall. Since you don't know how long it was compromised even a backup may not be safe.

 

When they hit Today's Cacher it wasn't our webmaster's fault, it was the fault of the hosting company. They not only hacked our site but everyone else that was on the hosting company's server. We finally had to change hosting companies. The good thing was that they didn't mess with our data.

 

El Diablo

What you have pointed out is extremely common; much of the security of a website really depends upon the security measures employed by the hosting company, regardless of whether the site is hosted on a shared server or on dedicated servers.

 

It is true I assumed your webmaster and hosting company were the same. Either way someone was not on top of things.

Link to comment

Public web servers get hacked, at least in part, because they're running old, outdated, unpatched software with exploitable vulnerabilities. The same thing happens to your home PC when you don't install the most recent updates. Granted, default usernames and weak passwords also increase vulnerability, but my guess is these guys go after boxes with well known, published 'sploits. And you're not alone. Looks like they've hacked dozens of sites.

 

The number of web sites being compromised and used for phishing and/or dropping malware is increasing, and most times the owner of the site is unaware it's happening. More likely, in this case, script kiddies are simply defacing web sites.

 

I could speculate as to why, but it might violate forum guidelines.

 

Let's hope you have a good backup and that your system and network resources can get your group's web site restored ... but not before locking down the server. I expect those responsible for your site's security will be more vigilant going forward.

 

©¿©¬

Link to comment

Public web servers get hacked, at least in part, because they're running old, outdated, unpatched software with exploitable vulnerabilities. The same thing happens to your home PC when you don't install the most recent updates. Granted, default usernames and weak passwords also increase vulnerability, but my guess is these guys go after boxes with well known, published 'sploits. And you're not alone. Looks like they've hacked dozens of sites.

 

The number of web sites being compromised and used for phishing and/or dropping malware is increasing, and most times the owner of the site is unaware it's happening. More likely, in this case, script kiddies are simply defacing web sites.

 

I could speculate as to why, but it might violate forum guidelines.

 

Let's hope you have a good backup and that your system and network resources can get your group's web site restored ... but not before locking down the server. I expect those responsible for your site's security will be more vigilant going forward.

©¿©¬

I think that was well-said -- I agree. Many websites are years behind the curve when it comes to firewalls, security updates for routers, server OS, etc.

Link to comment

Often, the server is hacked by another computer that's already been compromised (aka a "zombie"). The result is that often, the original "hacker" isn't even directly responsible for what's occurred...their little worm/virus just keeps going strong looking for an exploitable computer using a brute force search and then modifying the hosted files as wanted when it gets in.

 

This isn't often the result of getting access to the actual username/password that has the access necessary. Usually, there's a hole in another program on the computer that "lends" its level of access to the offender's program in a way that lets them write their new files and then get out.

 

Really evil offender programs will install things that will tattle passwords or usernames and other information but for the most part, what you'll see is just a few index.html type file replacements and the offending program doesn't have any way back into the system once you've fixed the hole meaning everything is safe the way it was (plus the patch).

 

Unfortunately, since it's often really difficult to tell if it was a really evil hack or just a graffiti-style hit'n'run (and most of them will delete the system logs that could tell you what they did), it's safest to reset from a backup, patch to the latest software, and change passwords and things to prevent any potentially stolen information from coming back to haunt you later.

 

Just wanted to be clear on the fact that this wasn't a targeted attack nor was it probably much more than a little graffiti tagging rather than something more sinister.

Link to comment
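Added example, not part of any post in this thread: a sketch of checking which backups predate a compromise, the concern raised above that "even a backup may not be safe". It assumes a known-good baseline copy of the web root exists (for instance the original deployment files); the tree names, file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def tree_hashes(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}

def diff_trees(baseline, live):
    """Files whose content changed, appeared or vanished relative to baseline."""
    return {
        "modified": sorted(f for f in baseline if f in live and baseline[f] != live[f]),
        "added": sorted(f for f in live if f not in baseline),
        "removed": sorted(f for f in baseline if f not in live),
    }

def tainted_backups(backups, baseline, live):
    """Labels of backups already holding a file that is changed or new in live."""
    d = diff_trees(baseline, live)
    suspect = {f: live[f] for f in d["modified"] + d["added"]}
    return [label for label, hashes in backups
            if any(hashes.get(f) == h for f, h in suspect.items())]

def build_demo(tmp):
    """Constructed sample trees: known-good baseline, three backups, defaced live copy."""
    clean = {"index.html": "<h1>State Geocaching</h1>", "events.html": "Events"}
    planted = {**clean, "uploads/unknown.php": "constructed placeholder"}
    defaced = {**planted, "index.html": "replaced front page"}
    trees = {"baseline": clean, "backup-mon": clean, "backup-tue": planted,
             "backup-wed": defaced, "live": defaced}
    for name, files in trees.items():
        for rel, body in files.items():
            path = Path(tmp, name, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    return {name: tree_hashes(Path(tmp, name)) for name in trees}

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        h = build_demo(tmp)
    backups = [(n, h[n]) for n in ("backup-mon", "backup-tue", "backup-wed")]
    return (diff_trees(h["baseline"], h["live"]),
            tainted_backups(backups, h["baseline"], h["live"]))

if __name__ == "__main__":
    print(run_demo())
```

In the sample data the front page only changes on Wednesday, yet Tuesday's backup already carries the unexpected file, so Monday's is the newest backup that matches the baseline.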
