Our Web server hacked!
by Arie Slob
Hello Windows users,
If you tried to visit our Web site starting last week Saturday, you may have noticed we were not online. Unfortunately, on Saturday in the early morning hours, our server was hacked and this brought down the entire Web site. We posted an article about the attack written by our President, Joseph Burke, just as soon as we got back online.
I have some idea who this imbecile is that hacked our server, at least his online identity. I had banned him from the Windows-Help.NET Support BBS last March and April for using foul language. This idiot clearly has a problem with authority. Mind you, he has been banned from other support forums as well, and tried to (more or less successfully) disrupt their operations too. This episode cost us a great deal of time, headache and dollars both in lost revenue and man hours to restore the system. Yes we had our server backed up, but the backup was on a mirror hard drive connected to the server, so the backup was destroyed too. We learned an important lesson there, I guess.
Fortunately we had 99% of the thousands of web pages on our web site stored on our local hard drives as well. Our Web sites are back in operation, but you might encouter some "dead-ends" on occasion. Please let us know! Unfortunately, the Windows-Help.NET Support BBS will be off line for a longer time. The archive was lost, and I will be changing the software for the board, so that it can be more effectively backed up in the future.
Last Saturday I discovered that a 3rd person was logged on our Web server. When I attempted to boot him off, he noticed that his cover was blown, and instead he managed to kick me off the server. Since he had altered a number of tools I tried to use against him, that wasn't too difficult for him to do.
I immediately phoned our Web host so that they disconnected the box from the 'Net, but the damage had already been done.
Once discovered, this low-life decided to delete all the files on the server. He also formatted our mirror hard drive, which we used as our backup device (I know, not a good idea - as we found out... the hard way).
Well, this meant that we had to rebuild our sites from our local backups, quite a task. After 21 hours non-stop I managed to restore the Rose City Software site. Our other domains Windows-Help.NET and InfiniSource.com took another 37 hours to restore to some working order.
Last Thursday I got knowledge of a new security vulnerability in wu-ftpd - the FTP client which was running on our server. Our DEAR friends at Red Hat where sooo friendly to release the information on the vulnerability ahead of schedule, so many were caught off-guard - but not the hackers who had a great time with unpatched systems.
I patched the FTP software on Friday, but at that time the hacker had already been on the system for several days, so he had all the back doors he needed to get back in. For more on the FTP vulnerability read this article.
So we did the only thing left in a situation like this... we started over with a brand new software installation.
We will be implementing a different backup strategy to expedite recovery in the future (God forbid it should happen again).
If you are worried about personal info, we were not storing any information on our server (only the profile information from the BBS, but that info was always publicly accessible). Our Newsletter email database is/was never stored on our server.
If you would like to help, take a look at Rose City Software and find a piece of software to buy. The prices are modest and if you can't find something useful there then you must not use your computer much at all!
Cumulative Patch for Internet Explorer
Microsoft has posted a cumulative patch for Internet Explorer 5.5 & 6 that, when installed, eliminates all previously discussed security vulnerabilities affecting IE 5.5 and IE 6. In addition, it eliminates three newly discovered vulnerabilities.
Affected Software Versions
- Internet Explorer 5.5
- Internet Explorer 6.0
Note: Microsoft tested Internet Explorer 5.5 and 6.0 to assess whether they are affected by these vulnerabilities. Previous versions are no longer eligible for hotfix support.
Rose City Software
"I was sooo tired of working my way thru five layers of the Programs Menu to access my favorite programs. QuickRun allows me to go right to them, plus any files I refer to a lot, right from an easily accessible menu. And I really like cleaning up my system tray and moving all those useless little icons into one popup menu. This is a great tool!"
-- Jeremy Braithewaite, Australia
Web Site Updates
These pages were added/updated in the past week. Information on previously updated/added pages is available on the What's New? page for 1 month.
Added: Windows XP and America OnLine
Added: InfiniSource Hacked!
Added: Microsoft Security: Cumulative Patch for Internet Explorer
Added: Microsoft Releases Windows Media Bonus Pack for Windows XP