Hacked!

first let me vent my anger
grrrrrrrrrrrrraaaaaaaaaaaaaaaaahhhh

ok
Our website (www.team759.org) has been hacked and it is really annoying.
Anyone know of anything that can be done? Our webmaster says they have deleted everything etc and it has angered me greatly.

No backups at all…?!? gasp

And you aren’t on archive.org either.

Google has at least one page: http://64.233.167.104/search?q=cache:f0nw3GpMPhwJ:www.team759.org/+&hl=en

If you put in the addresses for all the pages on the site, you might be able to get them all from its cache. Maybe you won’t have to redo the whole site…

Hope you get it back.

IM me on my SN: TeknoBramha, I might be able to help you privately, no promises though

Now is a good time to design a new site. It’s not all that hard. You’ll need it for next year anyways.

Definitely work on security. If you were running ISS, FTP or a misconfigured SQL, shame on you.

heh, it’s been pretty much sorted, they only replaced the homepage lol…
we are redesigning for next year anyway … it’s about 30% done or something apparently…

This is when you get to see how good your webhost and your webmaster
really are. Both should have backups. If you have a very cheap
webhost, the responsibility is almost completely on your webmaster.

When my website was hacked, my webhost had a dummy page up within an
hour (so that the whole world doesn’t see the hacked message), and it
was restored from the nightly backup after about 6 hours.

Another suggestion, find a webhost that doesn’t use IIS.

What would be wrong with using FTP? I use it to let users on another hard drive of mine which I have other files to download. I wasn’t able to get APACHE to access the other hard drives. Would you recommend something better than FTP?

Later on, if you would like a place to hold a backup of your page PM me or something, I’ve got plenty of extra space where I could allow you to upload your page and most of the stuff, nothing too major, I could easily allow a gig or so.

-Mike

My advice:
-Vent the rest of your anger in creative ways first. :wink:
-Then rebuild your website
-After you’re done with that, give some sort of protection. I can’t bring anything to mind that would do that, but find some protection.

Sorry about the accident though. I can’t wait until these sort of incidents stop.

It sends passwords in cleartext. 'Nuff said :wink:

SFTP or SCP…

After hearing about 759’s misfortunate accident I’m going on to check my old team’s web site that I created but haven’t checked for months… shame on me =(

Hope you get it all back up. Consider putting the webpage on one computer and backing it up to a CD, and store the CD in a safe place. If you have 2 computers, create and save on one, back up on another. Make sure your webhost has some sort of protection against hackers, and make sure you have a firewall with some added computer protection.

If I don’t use passwords (anonymously logged in) I don’t have the password problem. I’m guessing you’re referring to the sending of passwords typed as someone is logging in.

What is the actual name of SFTP or SCP and/or where could I get it? freeware? shareware? I’m using Ceasor FTP, however it’s spelled.

Anonymous FTP is a problem in and of itself :stuck_out_tongue:

Both are part of the OpenSSH package…

Yes, FTP does use plain text to send your data, but so do most username and password login forms on the internet, including Yahoo mail and Hotmail. Furthermore, MANY servers out there are not set up to recognize the private/public key encryption method used by SFTP. Yes, there are more secure methods out there, but a lot of times you just have to settle for a reasonable level of security.

Change your password often and don’t use the same password in more than one place (although many of us do anyway.) Create regular back ups. Be sure to use a reliable web host with 24/7 monitoring. Security shouldn’t be a major issue for a FIRST team site. It’s unfortunate your site was hacked, but realize this sort of thing is uncommon. You should only really have to worry about advanced security if your site becomes quite large (receiving thousands of hits per day.)

n00b question : What is ISS?

ISS is the International Space Station, which is probably not what he meant.

IIS is Internet Information Services, and is Microsoft’s Web/FTP server. Its security record has only recently been dwarfed by Internet Explorer’s.

http://www.dgl.com/itinfo/2001/it010723.html

IIS has a security record at all?

Seriously, a misconfigured (or unconfigured) IIS server is kind of like putting up a little sign that says “Free access, just need to know how to spell cmd.exe”

So does your server actually use IIS? (I’m sorry if that was mentioned and I missed it, little rushed) and also do you know how it was hacked? Many of the simpler and common exploits are patchable.

Also, do you have a firewall running to block off access to only the relevant ports? (80, perhaps 25/143 if it handles e-mail as well).

If you want more tips on securing a computer e-mail me or PM me.
matt AT zilla DOT pyroweb DOT us.

Bye all.

I don’t know tbh, it’s not the stuff I know about

It does look like your host does use IIS. Just typing in the URL with a random page name afterwards is enough to tell you. The page returns:

HTTP 404 - File not found
Internet Information Services

That would bring up this question: is your site hosted and administered somewhere where you control the server, or are you paying a hosting company for webspace? If the former, a number of people in this thread have already indicated they would be happy to help you out in securing the server. If the latter, I suggest you contact your host about the incident, and ask what methods they have in place to secure their servers.

I am sorry to hear about the crack incident. What software or operating system was the server running? If it is UNIX or Linux, does your host offer SSH? Was a database available for crackers? Some server packages include the option of periodically backing up the entire thing or part of the server to a remote directory using SSH or SFTP.
Look into a UNIX-based server to take advantage of built-in SSH, SFTP, APACHE, etc.
If you need help, please email me at redfedora AT gmail DOT com
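
The backup advice that runs through this thread (nightly backups, a copy kept off the web server, finding out which pages were actually replaced), as an added example that is not from any poster: it archives a site directory with a SHA-256 manifest, compares the live files against that manifest, and restores only what changed. All function names, file names and the sample site are constructed for illustration.

```python
import hashlib, json, tarfile, tempfile
from pathlib import Path

def manifest(site_dir):
    """Map every file's path (relative to the site root) to its SHA-256."""
    root = Path(site_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def backup(site_dir, backup_dir, label):
    """Write <label>.tar.gz and <label>.json (the manifest); return both paths."""
    out = Path(backup_dir)
    out.mkdir(parents=True, exist_ok=True)
    hashes = manifest(site_dir)
    archive, listing = out / f"{label}.tar.gz", out / f"{label}.json"
    with tarfile.open(archive, "w:gz") as tar:
        for rel in hashes:
            tar.add(Path(site_dir) / rel, arcname=rel)
    listing.write_text(json.dumps(hashes, indent=2))
    return archive, listing

def diff_against_backup(site_dir, listing):
    """Report files that differ from the last known-good manifest."""
    known, live = json.loads(Path(listing).read_text()), manifest(site_dir)
    return {"modified": sorted(f for f in known if f in live and live[f] != known[f]),
            "missing": sorted(f for f in known if f not in live),
            "added": sorted(f for f in live if f not in known)}

def restore(archive, site_dir, names):
    """Put back only the named files, read straight from the archive."""
    with tarfile.open(archive, "r:gz") as tar:
        for name in names:
            target = Path(site_dir) / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(tar.extractfile(name).read())

def demo():
    """Constructed sample site: back up, swap the homepage, detect, restore."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp, "site")
        (site / "img").mkdir(parents=True)
        (site / "index.html").write_text("<h1>Team site</h1>")
        (site / "img" / "logo.txt").write_text("logo placeholder")
        archive, listing = backup(site, Path(tmp, "offsite"), "nightly")
        (site / "index.html").write_text("<h1>replaced</h1>")   # homepage swapped
        (site / "extra.html").write_text("unexpected file")     # file that was never ours
        before = diff_against_backup(site, listing)
        restore(archive, site, before["modified"] + before["missing"])
        for name in before["added"]:
            (site / name).unlink()
        return before, diff_against_backup(site, listing)

if __name__ == "__main__":
    print(demo())
```

The archive and manifest only help if they live somewhere the web server's own credentials cannot write to, such as a directory pulled over SSH/SFTP from another machine; a manifest stored next to the site can be altered along with it.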