Hacked, Dude construction pages down

[peter.coombe]

My website has been hacked so the popular Dudenbostle construction pages, plus everything else on the site are currently not available. Apologies to anyone trying to access them. Stupid thing is I noticed it before the host provider did and deleted the offending files, and was about to replace everything on the site, but they suspended my account. Now I can't do anything. Completely stuffed. This could take a while to fix and undoubtedly will take up a lot of time I would much rather spend in the workshop. The host provider is not fast at responding to support calls. I hate the low life who do this sort of thing with a passion. Second time it has happened in 20 years so I am averaging one in 10 years. The last time was a big time consuming major pain to get it all back and this time it will probably be worse since the technology has moved on a bit since then.

[Bernie Daniel]

Sorry, what rotten luck!! So it must have been done solely out of spite or something? So many low-lifers floating around the world these days! Good luck at getting back up. Host provider needs to be "fast at responding to support calls"!!! Yes?

[Jess L.]

...So it must have been done solely out of spite or something? ...

Not necessarily. (I'm certainly no expert, but this is what I've read over the years on security-related forums.) Many hacked websites are just randomly targeted, via automated processes looking for vulnerabilities to exploit for a variety of nefarious reasons that typically are completely unrelated to the site's original purpose or its owner. For instance, if I recall correctly - a hacked machine could be an unwitting participant in a botnet, or hosting malware etc. A glance through just about any website's server logs usually reveals plenty of exploit *attempts*, automated processes trying various things to infiltrate the site to gain unauthorized access. Most of it isn't anything 'personal', it's just that they're looking at zillions of websites and they happened to find one that they could exploit.

... So many low-lifers floating around the world these days! ...

Yeah there are plenty of things to watch out for, that's for sure. Always something new, it's hard to keep up with all of it.

[peter.coombe]

Many hacked websites are just randomly targeted, via automated processes looking for vulnerabilities to exploit for a variety of nefarious reasons that typically are completely unrelated to the site's original purpose or its owner.

That is right. In my case they inserted some malware. All I know is that it was some sort of phishing malware and I deleted it, but apparently not deleted fast enough. What the vulnerability was at this stage I have no idea because the site host people have still not restored access. I can't really blame them for the sledge hammer approach, they are just protecting themselves and their other clients, but their support turnaround times are way too long, so I am not very happy. They need to support the victims, not punish them. They asked me to agree to make changes so that it never happens again. I can make changes to greatly reduce the probability of it happening again but there is never a 100% guarantee. Nobody can make a 100% guarantee, not me, not even them, so they are asking for the impossible. Unless something changes reasonably soon, I will be telling them to stick it and go elsewhere. Whatever, it is going to be a lot of work to sort this out. I suspect the vulnerability may be in the third party product I am using so that could be a big problem to fix, but at the moment I can't do anything so don't know. When I get access back the plan is to have a quick snoop around to see what changed, then delete everything and install a skeleton web site while I work out a long term solution. The longer term solution will probably involve spending some money on security scanning software and finally implementing SSL. SSL does not protect you against hacking, it is all about protecting confidentiality and search engine ratings. I don't have anything that is confidential and don't collect any information, so never bothered. There is no e-commerce, no blogging, no logins, no CMS, no SQL, so that eliminates some things, but there are Java scripts (from the 3rd party provider). My old dinosaur web site was never hacked in nearly 20 years so all this new technology does make you a easier target. The previous hack was because the host provider did not patch the server. Thousands of web sites were hacked and the company went bust as a direct result.

[Bill McCall]

Everybody's just an IP address, scans are run looking for vulnerabilities and then attacked programmatically. If you're a bank or something else special with data or $, you get targeted by the minute both on the public front end and at internal users by spear fishing. Hospitals get attacked for identity theft and medical fraud, banks for $.

As you say, you can reduce your front end exposure, remove known weak components, lock down access and still be at the mercy of the host provider.

Sometimes its just like a brick through the window, simple vandalism, kiddies trying out a new script.

[peter.coombe]

Progress. I have my access back, and the host provider techs have been very helpful. There is now a maintenance page up and the Dudenbostle construction pages are back. Still need to get Nortons to stop blocking it. Has been interesting trawling through the logs and now I can see how much probing is going on the what they are looking for, but finding the actual exploit is a needle in a haystack. Now the real work starts.