Community website hackers are scumbags

Discussion in 'Off-Topic Discussion' started by Loofah, Mar 4, 2013.

  1. Loofah

    Loofah Admin Staff Member

    Joined:
    Feb 20, 2008
    Messages:
    12,390
    Gender:
    Male
    Location:
    Guildford
    Ratings:
    +21,168
    I look after a community website for the residents' association which I'm also editor for.

    Today I've just discovered we've been hacked! Apparently now we offer insurance and financing and, naturally, female student pictures...

    Am online with the host support being 'escalated'...
     
  2. Marley Farley

    Marley Farley Affable Admin! Staff Member

    Joined:
    May 11, 2005
    Messages:
    30,589
    Occupation:
    Grandmother Gardener Councillor Homemaker
    Location:
    Under the Edge Zone 8b
    Ratings:
    +14,124
    Hope you get it sorted out soon mate... :blue thumb:
     
  3. Val..

    Val.. Confessed snail lover

    Joined:
    Aug 2, 2010
    Messages:
    6,355
    Gender:
    Female
    Occupation:
    Retired
    Location:
    Hay-on-Wye, Hereford
    Ratings:
    +4,951
    There are a lot of scumbags around these days!!!:frown:

    Val
     
  4. Phil A

    Phil A Guest

    Ratings:
    +0
    • Like Like x 1
    • Phil A

      Phil A Guest

      Ratings:
      +0
      Oo, that one has been up for a week and they've not noticed yet:biggrin:
       
      • Funny Funny x 2
      • Loofah

        Loofah Admin Staff Member

        Joined:
        Feb 20, 2008
        Messages:
        12,390
        Gender:
        Male
        Location:
        Guildford
        Ratings:
        +21,168
        Well this one has managed to remove the entire site! It's a lowly community based site ffs not worth the effort surely!
         
      • Loofah

        Loofah Admin Staff Member

        Joined:
        Feb 20, 2008
        Messages:
        12,390
        Gender:
        Male
        Location:
        Guildford
        Ratings:
        +21,168
        Phew. A day of conversations to the U.S. and a few hackle-rising moments later... the site is back up.
         
        • Like Like x 3
        • clueless1

          clueless1 member... yep, that's what I am:)

          Joined:
          Jan 8, 2008
          Messages:
          17,778
          Gender:
          Male
          Location:
          Here
          Ratings:
          +19,594
          I'm glad it's sorted for now, but I wouldn't leave it at that.

          I have a few thoughts on this.

          Firstly, the chances of your site being singled out manually are absolutely minuscule. Most likely it was a plain old fashioned port scan. You probably know that every computer connected to the internet has an IP address. We'll ignore the new IPv6 standard for now because although it's increasingly common, everyone is still accessible on IPv4. IPv4 is made up of 4 numbers in the range 0 to 255, with the first two or three of those numbers representing an entire network, and then the last typically one or two numbers being specific machines on that network. It's a genius but nowadays naive indexing system. It means hackers just need to write a simple program that 'pings' each IP address in sequence and notes who replies. Once it has a list of IP addresses that reply, which will be a small percentage of the ones tested, then the program will test which ports are open. A 'port' in internet terms is just another number on the end of your IP address that tells the machine which process the incoming request is meant for (in oversimplified terms). There are certain ports that are typically used for certain types of traffic, for example normal internet traffic happens on port 80, FTP is often on port 21, and secure HTTP is often on 127 for example. The hacker's program will go through its list of known valid IP addresses, and test which ports are listening on those IP addresses. After that, it's just a case of testing what defences the target has, picking out the easiest (quickest to violate) and does its worst.

          The implications then from that are that 1) your ISP's security is sadly lacking, 2) your ISP's IP addresses and port numbers are in the hacker's database of 'easy targets' and therefore 3) unless your ISP takes more action than to simply restore from backup, you'll be hacked again on the next lap of the hacker's dirty program.

          The other thing that springs to mind is that you may be able to deal a blow to the hackers indirectly, using someone with more might than you alone can muster. You said the site was modified to advertise insurance. First, did you keep any evidence? In any case did you note which insurer it was? They won't have known about it, but the value proposition for the hackers will have been a click-through fee for driving traffic to these other sites. It would be great if the company was based in the UK because then you could write to them and tell them about their criminal activity under the Misuse of Computers Act 1990. If it's not UK based then maybe other countries have a comparable law. A simple threat of legal action should be enough to get the ball rolling. Of course they would deny all responsibility but then you just tell them it was their advert driving traffic to their site, and if it was one of their agents that did it, they are still responsible for the activities of those they subcontract to. Insurance companies usually have good IT teams, and good legal teams. They need both. With threats of legal action which would in turn threaten their status as a regulated body, costing them a fortune in the long run, you can be sure they would then do all they could to ensure their ads don't get used in the click-throughs posted by the hackers, which in turn makes the activity less lucrative for the hackers. It would be nothing even close to an outright victory, because the hackers would just move on, but it would be like a quick punch on the nose at least.
           
          • Informative Informative x 3
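
A defender's view of the sweep-then-probe pattern described in the post above, as an added example that is not part of the thread: Python that reads connection log lines and flags any source that pings many hosts or tries many ports on one host within a short window. The log line format, the thresholds and the function names are assumptions made for this example, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample log; the line format is an assumption for this example:
# "<epoch-seconds> <src-ip> <dst-ip> <proto> <dst-port or ->"
SAMPLE_LOG = """\
1000 203.0.113.9 192.0.2.1 icmp -
1001 203.0.113.9 192.0.2.2 icmp -
1002 203.0.113.9 192.0.2.3 icmp -
1003 203.0.113.9 192.0.2.4 icmp -
1010 203.0.113.9 192.0.2.2 tcp 21
1011 203.0.113.9 192.0.2.2 tcp 22
1012 203.0.113.9 192.0.2.2 tcp 80
1013 203.0.113.9 192.0.2.2 tcp 8080
1020 198.51.100.7 192.0.2.2 tcp 80
"""

def parse(log_text):
    """Yield (timestamp, src, dst, proto, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        ts, src, dst, proto, port = parts
        yield int(ts), src, dst, proto, (int(port) if port.isdigit() else None)

def _distinct_in_window(events, window):
    """Largest number of distinct values seen inside any `window`-second span."""
    events = sorted(events)
    return max((len({v for ts, v in events[i:] if ts - start <= window})
                for i, (start, _) in enumerate(events)), default=0)

def find_scanners(log_text, min_hosts=4, min_ports=4, window=60):
    """Return {src: set of findings} for sources that sweep hosts or probe ports."""
    pinged = defaultdict(list)   # src -> [(ts, dst)]
    probed = defaultdict(list)   # (src, dst) -> [(ts, port)]
    for ts, src, dst, proto, port in parse(log_text):
        if proto == "icmp":
            pinged[src].append((ts, dst))
        elif port is not None:
            probed[(src, dst)].append((ts, port))
    findings = defaultdict(set)
    for src, events in pinged.items():
        if _distinct_in_window(events, window) >= min_hosts:
            findings[src].add("ping-sweep")
    for (src, dst), events in probed.items():
        if _distinct_in_window(events, window) >= min_ports:
            findings[src].add("port-scan:" + dst)
    return dict(findings)
```

An ordinary visitor such as the last sample line, which only ever touches port 80, is not flagged.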
          • Loofah

            Loofah Admin Staff Member

            Joined:
            Feb 20, 2008
            Messages:
            12,390
            Gender:
            Male
            Location:
            Guildford
            Ratings:
            +21,168
            Blimey Clue, that's a lot of info to take up while eating a hot crossed bun!
            Thanks for the info. The insurance info was, bizarrely, just advertising the same site, it wasn't even directing anything anywhere else (that I could see). It was all so pointless.
            I had a chat with the ISP and they promise, promise, promise that the security is up to scratch and that whatever went wrong is fixed. Right. Well I'm convinced, what about everyone else?
            From my point of view the only thing I could reasonably do is move hosts which I'm pondering at the moment...
             
          • clueless1

            clueless1 member... yep, that's what I am:)

            Joined:
            Jan 8, 2008
            Messages:
            17,778
            Gender:
            Male
            Location:
            Here
            Ratings:
            +19,594
            So not a click-through then. Possibly a DDoS (distributed denial of service) attack on the site that hosts the image of the ad. By getting enough people to request that image at the same time, you overwhelm the target server so it can't respond to genuine requests, effectively taking it down. In the olden days of the t'interweb the phone networks used to pay people for generating traffic of any kind on their lines, because they got paid for the traffic, in the form of people's internet subscriptions. I can't see how that could still work now that we mostly have all inclusive broadband packages though.

            If they've given you assurances about their security, and you've been happy with them so far, I'd stay put for now. If you switch now you'll have some down time anyway while your site moves over (the old DNS propagation delays).
             
          • shiney

            shiney President, Grumpy Old Men's Club Staff Member

            Joined:
            Jul 3, 2006
            Messages:
            60,998
            Gender:
            Male
            Occupation:
            Retired - Last Century!!!
            Location:
            Herts/Essex border. Zone 8b
            Ratings:
            +117,297

            Hi Zigs, I clicked on your link and it took me to someone's page and advertised cruisecouk (I've left out the dots). I couldn't see any message from you, but I'm not a member of FB so maybe can't see it.

            cruisecouk is a reputable travel agent (not quite an oxymoron :heehee:) and owned by Victoria Travel. I don't think they would have done anything naughty. :)

            If you think they are doing something wrong then let me know (PM me the details) and I'll follow it up with them.
             