Webhostingtalk hacked

**praveen** · 03-26-2009, 12:17 PM

Quote:

At approximately 8:30 pm EST on Saturday, March 21 The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted of the db exploitation and quickly shut down the site to prevent further damage.

http://www.webhostingtalk.com/showthread.php?t=729727

**Rad_Dev** · 03-26-2009, 01:44 PM

****! That really sucks. If their DB server can get hacked, anyone's can. I hope they have off-site backups!

**andrei155** · 03-26-2009, 06:04 PM

Quote:

Originally Posted by Rad_Dev

****! That really sucks. If their DB server can get hacked, anyone's can. I hope they have off-site backups!

They do, but that was hacked too.

**rosefox911** · 03-27-2009, 11:23 AM

What the hell... why would anyone do this? Maybe a hosting company didn't like a review? xD

**andrei155** · 03-27-2009, 06:27 PM

Considering that website is mainly the river of all web hosting knowledge... that hacker must be **** good.

**shakir** · 03-29-2009, 04:31 AM

oh its bad luck...was in last week.. but lost much posting....around 300

**MoForce** · 03-29-2009, 11:07 AM

I didn't even know there was a webhostingtalk

**dyer** · 03-29-2009, 03:04 PM

They lost several databses like user informations. they also mentioned the users who signup recently should register again, if they not able to login with thier Ids.

That was a planned attack.

**tim84** · 03-29-2009, 08:21 PM

I was a member there with about 100+ post and now I can't even log in because I only signed up after their last workable backup.

I wonder what's the intention of the hackers who hacked into WHT... ?

**~ServerPoint~** · 03-30-2009, 04:46 AM

They have big team of the specialists and I believe they will get that sorted soon

**The-Pixel** · 03-30-2009, 06:18 AM

Quote:

Originally Posted by andrei155

Considering that website is mainly the river of all web hosting knowledge... that hacker must be **** good.

I'll 2nd that. From what I remember this is the 2nd time they have been hacked in the past 4 or 5 months. It happened not to long ago and you had to login and change your passwords.

**FortressDewey** · 03-30-2009, 04:12 PM

They have been having some issues with just basic protocal. Yes I would agree it was a planned attack, most certainly, fortunately, I don't exchange any sensitive information inside of PM's. and don't worry about my "post count."

**LaneHost** · 03-30-2009, 11:07 PM

They are still trying to restore their databases, hopefully they will have it all sorted.

Yes, that was a very deliberate hack.

**SiberForum** · 03-31-2009, 05:50 AM

As far as I understand they have lost only part of the DB. As I had abot 800 posts there and now that is less 250. I suppose that people will forgive them even if they lost that part.

**iHubNet-Matt** · 03-31-2009, 09:57 AM

Quote:

Originally Posted by SiberForum

As far as I understand they have lost only part of the DB. As I had abot 800 posts there and now that is less 250. I suppose that people will forgive them even if they lost that part.

The back up now running is from October I think. All posts after October has lost and the users signed up after October have lost their user IDs. It is a sad experience but they are trying hard to retrieve it, hopefully we can expect every thing will be fine soon.

**gastong** · 03-31-2009, 04:14 PM

whoever did this must be very experienced

**Generator** · 03-31-2009, 05:24 PM

Yikes - taking out the backups too. That was just cruel of the hacker folks

Hope they track him down and get him locked up.

**~ServerPoint~** · 04-02-2009, 03:27 AM

Well. Do you really sure they be able to catch the hacker?

**MH-Andy** · 04-02-2009, 03:55 PM

This is bad news, thanks for the heads up I will change my password

**LaneHost** · 04-08-2009, 05:01 PM

And this story continues....Webhostingtalk was down again yesterday...here is what iNET wrote:

Quote:

This morning, the hacker who attacked WHT initiated further communication. He provided evidence that credit card information on one of our database servers was, in fact, compromised on March 21st. What data was compromised? At this point, we know that the hacker compromised and has publicly posted credit card information from our self-service billing system currently used for sticky posts (located at http://myinet.inetinteractive.com). This system was also used for display (banner) advertising in prior to December 2007. What about premium and corporate members? Or display advertisers? If you've purchased a premium or corporate membership or you are a display (banner ad) advertiser from December 2007 or later, your data is safe. These products run on a newer billing platform that does not store credit card information. What is WHT and iNET Interactive doing about it? If we have evidence or suspicion that your credit card information was leaked, you will be receiving further communication from WHT and iNET Interactive. Why is WHT down and when do we expect it to be back up? We're currently doing a full security sweep of our cluster to ensure the servers are secure. The site will be back up once this security review is complete.

Here is from the README.txt file, some parts are censored...

Quote:

Ok so backup only was not enough for you ******, HERE, have some credit cards too You know, it's ******* hilarious you ****** backed up some bull**** backup and users still got the same passwords.
Well some did change, to be precise, 1348 users out of 200,000. AWE-*******-SOME, no? You ******* couldn't even bother changing your ******* HOST.
Why the **** are you looking into your ****** server? GO LOOK AT YOUR HOSTER, RACK-****-EDGE YES GO.
NEWAYS, what I noticed in the helpdesk **** **** you got, you say you can't give out information about ur server?
IT'S **** PEOPLE. 2GB ram for a site like this? gimmeh a break ****. Also all those ************* who were bragging the haxored thread at forums,
you ****** think I give a **** you say 'bout me? I can rape your ******* life easy as 1,2,3 and this just proves the fact that I can.
Anyway, hopefuly this is the last time I have to "try" get into ur ****** servers(COUGH RACKEDGE COUGH) to back the **** up, I wonder if u **** gonna get sued over this ****. ;-) lolz

OOH before I finnish, u **** reported the box I posted backup from the 1st time, what would you do if i posted from ur own box now ******? I got more places to post from than u got hair on ur head or mby ur bald lolz

k peace out **** and dont mess with me ;-)

This is the format of the table that was dumped found on another forum,...

Quote:

# Dumped by NEGRO SHELL.
# Home page: http://negro.com
#
# Host settings:
# MySQL version: (4.0.27-standard-log) running on 69.20.126.7 (www.webhostingtalk.com)
# Date: ##/##/####
# DB: "ioms"
#---------------------------------------------------------
DROP TABLE IF EXISTS `creditcard`;
CREATE TABLE `creditcard` (
`card_id` int(11) NOT NULL auto_increment,
`account_id` int(11) NOT NULL default '0',
`address_id` int(11) NOT NULL default '0',
`cardnumber` bigint(20) NOT NULL default '0',
`expdate` varchar(10) NOT NULL default '',
`cardcode` varchar(5) NOT NULL default '0',
`issueingbank` varchar(50) NOT NULL default '',
`nameoncard` varchar(50) NOT NULL default '',
`status` enum('valid','removed','modified','fraud','chargeback','other') NOT NULL default 'valid',
`friendlyname` varchar(100) NOT NULL default '',
`admin_note_id` int(11) NOT NULL default '0',
`customer_note_id` int(11) NOT NULL default '0',
`creation_timestamp` bigint(20) NOT NULL default '0',
`creation_session_id` int(11) NOT NULL default '0',
`modify_timestamp` bigint(20) NOT NULL default '0',
`modify_session_id` int(11) NOT NULL default '0',
`removal_timestamp` bigint(20) NOT NULL default '0',
`removal_session_id` int(11) NOT NULL default '0',
PRIMARY KEY (`card_id`),
KEY `account_id` (`account_id`,`address_id`,`cardnumber`)
) TYPE=MyISAM PACK_KEYS=0;