♥ PosetteForever ♥
Whip The Admins... - Server (was) under attack
Tormie [ Wednesday, 12 October 2011, 09:28 PM ]
Post subject: Server (was) under attack
<img src="https://www.posetteforever.com/images/smiles/koo-koo.gif" alt="" /> Hi friends. some days ago I received this message from the company that hosts Posetteforever :
<br />
<br />
<!-- no smilies start --><div class="code"><div class="code-header" id="codehdr2_a7b9611b" style="position:relative;">Code: [<a href="download_post.php?post=43111">Download</a>] [<a href="javascript:void(0)" onclick="ShowHide('code_a7b9611b','code2_a7b9611b','');ShowHide('codehdr_a7b9611b','codehdr2_a7b9611b','')">Hide</a>] [<a href="javascript:void(0)" onclick="select_text('code_a7b9611b')">Select</a>]</div><div class="code-header" id="codehdr_a7b9611b" style="position:relative;display:none;">Code: [<a href="download_post.php?post=43111">Download</a>] [<a href="javascript:void(0)" onclick="ShowHide('code_a7b9611b','code2_a7b9611b',''); ShowHide('codehdr_a7b9611b','codehdr2_a7b9611b','')">Show</a>]</div><div class="code-content" id="code_a7b9611b" style="position:relative;"><span class="code-row-text">Dear Client,
<br />
<br />
<br />
We were informed yesterday, Wednesday 5 October, about an improper access to our internal system.
<br />
<br />
<br />
As far as we can presently reconstruct, the attackers could have been able to access internal
<br />
customer data on Hetzner Online's administrative systems.
<br />
<br />
<br />
As soon as we were made aware of this, we immediately began to reconstruct the incident.
<br />
To our present knowledge we have no information regarding data abuse from customers.
<br />
Unfortunately, it is not possible for us to exclude this possibility completely and we would
<br />
therefore ask that you change all passwords on your Hetzner system immediately as a precaution.
<br />
<br />
<br />
We recommend that you do not use identical passwords for multiple systems.
<br />
<br />
<br />
We make every effort to ensure that your customer data is in safe hands. Data security is a
<br />
very high priority for us. However, it is unfortunately not possible to completely exclude
<br />
incidents such as this from happening.
<br />
<br />
<br />
To ensure complete and transparent clarification, we shall shortly be reporting this
<br />
incident to the regulatory authorities.
<br />
<br />
<br />
The current status of the investigation may be seen on hetzner-status.de
<br />
<br />
<br />
We thank you for your understanding and for placing your trust in us.
<br />
<br />
<br />
Best regards,</span></div></div><!-- no smilies end -->
<br />
<br />
I wanted to keep you appraised even if I think that no action is needed by the users of this site for a couple of reasons:
<br />
<br />
-There are no valuable data on the site (I know that everything here has a big value for us, but I'm talking of more material things like credit card numbers) and in case of attack I can access a backup both for the contents and the database
<br />
<br />
-The password encryption is not the standard one on PF, I mean, nothing that an expert hacker could not understand in minutes but this would suppose the intention to attack this site and there is no reason to do it againts a place that has no valuable data, by a serious hacker. In the past there was a defacement of the main page of the site but it was done using a easy code readily available on the net, there was nothing special if not follow the instruction and find a site mantained by a hobbyist ( <img src="https://www.posetteforever.com/images/smiles/redembarrassed.gif" alt="" /> ). Anyway the passwords are made with two keys, one is here and the other one is given by your browser, the one here is useless alone, I can't even retrieve a password, it has to be changed if someone forgets it.
<br />
<br />
Anyway, they hacked for sure the passwords of the email addresses of the site, that doesn't mean you, but for example my own email address "@posetteforever.com" and the one of Posy and Angela... If you remember a couple of weeks ago I asked on the shoutbox if someone noticed a strange behaviour by their email client, I was receiving replies from addresses that looked like they were receiving spam from me... Someone got the passwords and kept sending spam by the email addresses of the site, so I changed'em all and also changed the fake email address of the site from "donotreply" to "noreply".
<br />
<br />
I also warned the provider but they noticed the attack days later <img src="https://www.posetteforever.com/images/smiles/rolleyes.gif" alt="" /> ...
<br />
<br />
This company performs a lot of mantainance almost every day, at night, here in Europe, that means afternoon in the American continent, I'm sorry about it. It's a problem that has no solution because every company works on the servers at night, so when PF was hosted in Arizona I had the same problem here, sometimes they were working on the site while here was not sleep time...
<br />
<br />
(For who doesn't know it already, PF is currently located near Frankfurt, Germany)
<br />
<br />
that's all, in any case if you notice something strange bump me... <img src="https://www.posetteforever.com/images/smiles/eusa_shifty.gif" alt="" />
<br />
<br />
P.S. if the site is down, you can check this page:
<br />
<br />
<a class="post-url" href="http://www.hetzner-status.de/en.html" target="_blank">http://www.hetzner-status.de/en.html</a>
<br />
<br />
in order to see if they are currently working on our server (which address is www188.your-server.de )
ahjah [ Wednesday, 12 October 2011, 11:05 PM ]
Post subject: Re: Server (was) Under Attack
<img src="https://www.posetteforever.com/images/smiles/eusa_shifty.gif" alt="" />
<br />
There have been several similar attacks over the last days around the web. Two days ago i recieved a mail from the webmasters of winehq (That's the forum of the developers of the wine application on linux, where i registered some time ago) about their user database being hacked, as well there's been an attack on Sony's <img src="https://www.posetteforever.com/images/smiles/eusa_think.gif" alt="" />
<br />
somethings going on, something a little bit bigger...
tda42 [ Thursday, 13 October 2011, 01:23 PM ]
Post subject: Re: Server (was) Under Attack
A German Internet writing English to an Italian. <img src="https://www.posetteforever.com/images/smiles/eusa_eh.gif" alt="" /> Yep! It's been hacked alright! <img src="https://www.posetteforever.com/images/smiles/biggrin.gif" alt="" />
Tormie [ Thursday, 13 October 2011, 10:03 PM ]
Post subject: Re: Server (was) under attack
<img src="https://www.posetteforever.com/images/smiles/biggrin.gif" alt="" /> I want also to inform you that by the end of the year the domain name will be transferred to another company, probably to the same company that keeps the web space and the database.
<br />
This is because the old company retouched a little too much the prices (maybe in order to pay the many commercials and the sponsorship on a Nascar car).
<br />
<br />
Yes, to add complication to what kenny said, actually the domain name is registered in Arizona, the site is in Germany, I'm in Italy and it's difficult to know "who is who" <img src="https://www.posetteforever.com/images/smiles/eusa_think.gif" alt="" /> even because a "whois" on Posetteforever goes nowhere <img src="https://www.posetteforever.com/images/smiles/eusa_shifty.gif" alt="" />
<br />
<br />
( <img src="https://www.posetteforever.com/images/smiles/whispering.gif" alt="" /> the real owner is Posy <img src="https://www.posetteforever.com/images/smiles/heartbeat.gif" alt="" /> , no jokes <img src="https://www.posetteforever.com/images/smiles/eusa_shifty.gif" alt="" /> )
Chromium [ Saturday, 15 October 2011, 12:05 PM ]
Post subject: Re: Server (was) Under Attack
Does Posy, have a credit card too.
<br />
<br />
(Did Tormie, leave all to Posy, in his will?)
Tormie [ Saturday, 15 October 2011, 01:54 PM ]
Post subject: Re: Server (was) Under Attack
<blockquote class="quote" cite="viewtopic.php?p=43116#p43116"><div class="quote-user">Chromium wrote: [<a href="#_somewhat" onclick="javascript:open_postreview('show_post.php?p=43116');" class="genmed">View Post</a>]</div><div class="post-text">Does Posy, have a credit card too.
<br />
</div></blockquote>
<br />
<br />
Yes, mine <img src="https://www.posetteforever.com/images/smiles/rolleyes.gif" alt="" />
tda42 [ Saturday, 15 October 2011, 02:15 PM ]
Post subject: Re: Server (was) Under Attack
<img src="https://www.posetteforever.com/images/smiles/lmao.gif" alt="" /> And The Will? <img src="https://www.posetteforever.com/images/smiles/lmao.gif" alt="" />
Tormie [ Saturday, 15 October 2011, 03:35 PM ]
Post subject: Re: Server (was) under attack
<img src="https://www.posetteforever.com/images/smiles/eusa_think.gif" alt="" /> I don't think Posy would need material things because in the virtuql land thet create everything at will <img src="https://www.posetteforever.com/images/smiles/dontknow.gif" alt="" />