iWeb Communities: Blog

WebHostingTalk, one of the oldest forum about web hosting, and a reference in the industry, experienced a major security problem yesterday.

It appears an unknown hacker was able to access the backup server, get access to the database, delete the tables, and then access WHT from the backup server. The WHT team had to take the website down, and could only upload a backup from late last year.

If you are a sys-admin or a web developer, do read the post and the following comments.

It’s surprising to see that such a reference in the web hosting industry could be hacked, with user data such as email addresses, private messages, hashed passwords posted to the web. One would think that the technology team at WHT would be the most advanced and experts in security, data backup, web development and system administration, by seeing all the daily threads and discussions on these subjects.

Of course, security is not an easy issue. Hackers always target the biggest, most visible organizations and websites which will give them maximum visibility, and hacking WebHostingTalk and getting access to the members database is a feat most hackers would want to accomplish. The same goes for banks, insurance companies, governments, and many large companies. A whole country (Estonia) was for instance attacked with a DDOS 2 years ago by russian hackers, after a political disagreement. A more recent episode was when JournalSpace had to stop running their website, when a rogue sys-admin destroyed the database.

Nevertheless, there are basic tasks one can do to prevent such “terror stories”: do security audits of your servers, download every week on a local machine the backups, use a continuous backup solution such as R1Soft, monitoring closely ssh access to the servers, use at least 3 different backup systems etc.

There was also a security guide published here, with also instructions on your first setup.