Dear Client,
We were informed yesterday, Wednesday 5 October, about an improper access to our internal system.
As far as we can presently reconstruct, the attackers could have been able to access internal
customer data on Hetzner Online's administrative systems.
As soon as we were made aware of this, we immediately began to reconstruct the incident.
To our present knowledge we have no information regarding data abuse from customers.
Unfortunately, it is not possible for us to exclude this possibility completely and we would
therefore ask that you change all passwords on your Hetzner system immediately as a precaution.
We recommend that you do not use identical passwords for multiple systems.
We make every effort to ensure that your customer data is in safe hands. Data security is a
very high priority for us. However, it is unfortunately not possible to completely exclude
incidents such as this from happening.
To ensure complete and transparent clarification, we shall shortly be reporting this
incident to the regulatory authorities.
The current status of the investigation may be seen on hetzner-status.de
We thank you for your understanding and for placing your trust in us.
Best regards,
I wanted to keep you apprised even if I think that no action is needed by the users of this site for a couple of reasons:
- There is no valuable data on the site (I know that everything here has a big value for us, but I'm talking of more material things like credit card numbers) and in case of attack I can access a backup both for the contents and the database
- The password encryption is not the standard one on PF, I mean, nothing that an expert hacker could not understand in minutes, but this would suppose the intention to attack this site, and there is no reason for a serious hacker to do it against a place that has no valuable data. In the past there was a defacement of the main page of the site, but it was done using an easy code readily available on the net; there was nothing special to it other than following the instructions and finding a site maintained by a hobbyist. Anyway, the passwords are made with two keys: one is here and the other one is given by your browser. The one here is useless alone; I can't even retrieve a password, it has to be changed if someone forgets it.
Anyway, they hacked for sure the passwords of the email addresses of the site. That doesn't mean you, but for example my own email address "@posetteforever.com" and the ones of Posy and Angela... If you remember, a couple of weeks ago I asked on the shoutbox if someone had noticed a strange behaviour by their email client; I was receiving replies from addresses that looked like they were receiving spam from me... Someone got the passwords and kept sending spam from the email addresses of the site, so I changed 'em all and also changed the fake email address of the site from "donotreply" to "noreply".
I also warned the provider but they noticed the attack days later ...
This company performs a lot of maintenance almost every day, at night, here in Europe, which means afternoon in the American continent. I'm sorry about it. It's a problem that has no solution because every company works on the servers at night, so when PF was hosted in Arizona I had the same problem here; sometimes they were working on the site while it was not sleeping time here...
(For those who don't know it already, PF is currently located near Frankfurt, Germany)
That's all. In any case, if you notice something strange, bump me...
P.S. if the site is down, you can check this page:
http://www.hetzner-status.de/en.html
in order to see if they are currently working on our server (whose address is www188.your-server.de)