Hacked!

[Denman]

first let me vent my anger
grrrrrrrrrrrrraaaaaaaaaaaaaaaaahhhh

ok
our website (www.team759.org) has been hacked and it is really annoying.
Anyone know of anything that can be done? our webmaster says they have deleted everything etc and it has angered me greatly.

[Ryan M.]

No backups at all...?!? *gasp*

And you aren't on archive.org either.

Google as at least one page: http://64.233.167.104/search?q=cache...59.org/+&hl=en

If you put in the addresses for all the pages on the site, you might be able to get them all from it's cache. Maybe you won't have to redo the whole site...

Hope you get it back.

[Bharat Nain]

Quote:

Originally Posted by Denman

first let me vent my anger
grrrrrrrrrrrrraaaaaaaaaaaaaaaaahhhh

ok
our website (www.team759.org) has been hacked and it is really annoying.
Anyone know of anything that can be done? our webmaster says they have deleted everything etc and it has angered me greatly.

IM me on my SN: TeknoBramha , I might be able to help you privately, no promises though

Now is a good time to design a new site. Its not all that hard. You'll need it for next year anyways.

Definately work on security. If you where running ISS, FTP or a misconfigured SQL, shame on you.

[Denman]

heh, its been pretty much sorted, they only replaced the homepage lol..........
we are redisigning for nxt year anyway .... its about 30% done or something apparently....

[Joe Ross]

This is when you get to see how good your webhost and your webmaster
really are. Both *should* have backups. If you have a very cheap
webhost, the responisibility is almost completely on your webmaster.

When my website was hacked, my webhost had a dummy page up within an
hour (so that they whole world doesn't see the hacked message), and it
was restored from the nightly backup after about 6 hours.

Another suggestion, find a webhost that doesn't use IIS.

[Mike AA]

Quote:

Originally Posted by plutonium83

Now is a good time to design a new site. Its not all that hard. You'll need it for next year anyways.

Definately work on security. If you where running ISS, FTP or a misconfigured SSL, shame on you.

What would be wrong with using FTP? I use it to let users on another harddrive of mine which I have other files to download. I wasn't able to get APACHE to access the other harddrives. Would you reccamend something better than FTP?

[Mike AA]

Quote:

Originally Posted by Denman

heh, its been pretty much sorted, they only replaced the homepage lol..........
we are redisigning for nxt year anyway .... its about 30% done or something apparently....

Later on, if you would like a place to hold a backup of yoru page PM me or something, I've got plenty of extra space where I could allow you to upload yoru page and most of the stuff, nothing too major, I could easily allow a gig or so.

-Mike

[JoeXIII'007]

My advice:
-Vent the rest of your anger in creative ways first.
-Then rebuild your website
-After your done with that, give some sort of protection. I can't bring anything to mind that would do that, but find some protection.

Sorry about the accident though. I can't wait until these sort of incidents stop.

[steven114]

Quote:

Originally Posted by Mike AA

What would be wrong with using FTP? I use it to let users on another harddrive of mine which I have other files to download. I wasn't able to get APACHE to access the other harddrives. Would you reccamend something better than FTP?

It sends passwords in cleartext. 'Nuff said

SFTP or SCP...

[mtaman02]

After hearing about 759's mis fortunate accident i'm going on to check my old teams web site that i created but haven't checked for months..... shame on me =(



Hope you get it all back up consider putting the webpage on one computer and backing it up to a cd and store the cd in a safe place if you have 2 computers create and save on one back up on another make sure your webhost has some sort of protection against hackers and make sure you have a firewall with some added computer protection.

[Mike AA]

Quote:

Originally Posted by steven114

It sends passwords in cleartext. 'Nuff said

SFTP or SCP...

If I dont use passwords (anonymously lgged in) I dont have the password problem. I'm guessing you're referring to the sending of passwords typed as someone is logging in.

What is the actual name os SFTP or SCP and/or where could I get it? freeware? shareware? I'm using Ceasor FTP, however its spelled.

[steven114]

Anonymous FTP is a problem in and of itself

Both are part of the OpenSSH package...

[Phil 33]

Yes, FTP does use plain text to send your data, but so do most username and password login forms on the internet, including Yahoo mail and Hotmail. Furthermore, MANY servers out there are not setup to recognize the private/public key encryption method used by SFTP. Yes, there are more secure methods out there, but a lot of times you just have to settle for a reasonable level of security.

Change your password often and don't use the same password in more than one place (although many of us do anyway.) Create regular back ups. Be sure to use a reliable web host with 24/7 monitoring. Security shouldn't be a major issue for a FIRST team site. It's unfortunate your site was hacked, but realize this sort of thing is uncommon. You should only really have to worry about advanced security if your site becomes quite large (receiving thousands of hits per day.)

[Denman]

n00b question : What is ISS?