Is your Studio web site safe from hackers? Guess who is messing up Mastering sites... - Gearslutz.com

Old 13th June 2009   #1
Lives for gear
 
Alécio Costa's Avatar
 
Joined: Sep 2002
Location: Brazil, Florianópolis/SC
Posts: 1,734

Thread Starter
Verified Member

Hi folks

This week I was surprised by a group of folks who tried to mess up my website.

Their IPs were tracked as being from web/cable TV companies from the USA and Canada.

Please take a serious look at the security of your FTP/web sites.


I may post here the IPs and the names of the companies (although I do not want a lawyer knocking at my door).

If it is a problem I may provide them via PM's.

Take Care!
Alécio Costa is offline   Reply With Quote
Old 13th June 2009   #2
Gear addict
 
Joined: Nov 2008
Posts: 345

Quote:
Originally Posted by Alécio Costa View Post
Hi folks

This week I was surprised by a group of folks who tried to mess up my website.

Their IPs were tracked as being from web/cable TV companies from the USA and Canada.

Please take a serious look at the security of your FTP/web sites.


I may post here the IPs and the names of the companies (although I do not want a lawyer knocking at my door).

If it is a problem I may provide them via PM's.

Take Care!
Not sure what your point is. That a hacker would be using a major Internet Service Provider is not particularly surprising. Hackers can originate their malice from just about anywhere and the ISP has no real way of detecting it. Even with Denial of Service attacks which can be detected by traffic volume, the machines originating the traffic usually don't belong to the hacker.
danika is offline   Reply With Quote
Old 13th June 2009   #3
Gear addict
 
Joined: Oct 2006
Posts: 302

If someone is doing DoS attacks on your website, they are most likely spoofing the IP as well. So the WHOIS info you're picking up on the IP is whatever they decided to choose as an IP to attack you with. I can guarantee 99.9% that the IP they used to attack your website with is not the actual IP of the attacker.

It's almost the same thing as spam e-mails. The e-mail address of the spammer that ended up in your inbox is not the e-mail or domain that the spammer originated his e-mail from. Not even close. They don't want to get caught, that's the whole point.

There could be that .1% chance that you pissed off some IT dude that worked at NBC, and now you're paying the price for a week or so.. But seriously, that's probably not the deal here.
Lackatee is offline   Reply With Quote
Old 13th June 2009   #4
Lives for gear
 
Jesse Graffam's Avatar
 
Joined: Feb 2008
Posts: 1,114

Yeah, not a DoS. Probably someone that just ran a web search for a substring that is somewhere on your website, for whatever software you happen to be running on it.

It's not likely that they know you.

It's likely they are just some lame script kiddies.

Check to see what the last modified files on your site are, so you can remove backdoors etc.

Update whatever software on your site that you use that may have its version information somewhere (on the page or in the html), to the current version.

Then remove any back-doors and new accounts, change your passwords, and move on with your life. Keep your software updated next time.
Jesse Graffam is offline   Reply With Quote
Old 14th June 2009   #5
Lives for gear
 
Alécio Costa's Avatar
 
Joined: Sep 2002
Location: Brazil, Florianópolis/SC
Posts: 1,734

Thread Starter
Verified Member
Agreed

One of the IPs, a cable company from Texas, is an already well known disguise used by hackers.

It was published this week in some obscure forum place of the web.
Alécio Costa is offline   Reply With Quote
Old 14th June 2009   #6
mymixisbetterthanyours!
 
Joined: Oct 2006
Location: Berlin
Posts: 1,759

either the IPs are spoofed or the machines have been taken over and turned into a bot-net.
Tracing those back is often not possible.
However, you may inform those ISPs that their systems may be compromised.

If you operate your own dedicated server, I think you know what measures to take. Some of them are:

- hardening your system (check running daemons, apply bugfixes etc.)
- stateful packet-filtering and/or proxying
- implementing an IDS
- tripwiring
- special care to running services, esp. ftpd
- serious logging
- logrotation
-...

If you don't have serious knowledge about those issues, I strongly advise against operating your own root server. It can be dangerous for you and others.
__________________
www.just-mix-it.com
kosmokrator is offline   Reply With Quote
Old 14th June 2009   #7
Lives for gear
 
Alécio Costa's Avatar
 
Joined: Sep 2002
Location: Brazil, Florianópolis/SC
Posts: 1,734

Thread Starter
Verified Member
Thanks, guys.
In fact there is a company doing it to me, but might be moving to another one as the contract expires.
Alécio Costa is offline   Reply With Quote
Old 14th June 2009   #8
mymixisbetterthanyours!
 
Joined: Oct 2006
Location: Berlin
Posts: 1,759

Quote:
Originally Posted by Alécio Costa View Post
Thanks, guys.
In fact there is a company doing it to me, but might be moving to another one as the contract expires.
May help, but a rule in pro-IT is: If you operate a public server, you WILL get attacked. The questions are when, how and how often.
kosmokrator is offline   Reply With Quote
Old 15th June 2009   #9
Lives for gear
 
Thomas W. Bethe's Avatar
 
Joined: Jan 2005
Location: Oberlin, Ohio
Posts: 3,268

Verified Member
Quote:
Originally Posted by kosmokrator View Post
May help, but a rule in pro-IT is: If you operate a public server, you WILL get attacked. The questions are when, how and how often.

My mentor has a server for the commercials he produces and it gets attacked 24 hours per day 7 days per week. I was there one afternoon and he had 4000 attempted attacks in one day. Wow. I had no idea it was that bad. Luckily he has a good IT person and a good firewall/software barrier. I cannot imagine what somewhere like the White House or the Pentagon must go through with people trying to break in.
__________________
-TOM-

Thomas W. Bethel
Managing Director
Acoustik Musik, Ltd.
Room with a View Productions
Oberlin, OH 44074
www.acoustikmusik.com

Doing what you love is freedom.
Loving what you do is happiness.
Thomas W. Bethe is offline   Reply With Quote
Old 15th June 2009   #10
Lives for gear
 
Jesse Graffam's Avatar
 
Joined: Feb 2008
Posts: 1,114

Quote:
Originally Posted by Thomas W. Bethe View Post
I cannot imagine what somewhere like the White House or the Pentagon must go through with people trying to break in.
Whitehouse.gov almost got taken down once by a worm someone made, but the "idiot" used its IP instead of a DNS lookup, so all they had to do was change the NOC it was in.

Of course now... they have a pretty heavy-duty setup.
Jesse Graffam is offline   Reply With Quote
Old 15th June 2009   #11
Lives for gear
 
Alécio Costa's Avatar
 
Joined: Sep 2002
Location: Brazil, Florianópolis/SC
Posts: 1,734

Thread Starter
Verified Member
Seems there are lots of sick minds out there or folks who don't have top quality sex in their lives.
Alécio Costa is offline   Reply With Quote
Old 15th June 2009   #12
Lives for gear
 
Jesse Graffam's Avatar
 
Joined: Feb 2008
Posts: 1,114

I'm guessing you just visited Whitehouse.com.... instead of Whitehouse.gov

Biiiiiiiiiiig difference.



[revisited]
ah nevermind. Whitehouse.com isn't a hard-core porn site anymore. now i'm lost (per your comment, not the lack of porn. not that i need porn. lol, i should stop typing. heeheeh.)
[/revisited]

Last edited by Jesse Graffam; 15th June 2009 at 05:46 AM.. Reason: revisited
Jesse Graffam is offline   Reply With Quote
Old 15th June 2009   #13
Gear addict
 
Joined: Nov 2008
Posts: 345

Quote:
Originally Posted by kosmokrator View Post
May help, but a rule in pro-IT is: If you operate a public server, you WILL get attacked. The questions are when, how and how often.
Right on. I run my business from a high-volume website which routinely gets attacked, and sometimes they're successful. But you repair the damage, plug the hole, and move on. Trying to pin the blame on someone is a total waste of time and energy.
danika is offline   Reply With Quote
Old 15th June 2009   #14
PC Moderator
 
George Necola's Avatar
 
Joined: Mar 2005
Location: Winterthur, Switzerland
Posts: 7,974

Verified Member
most of the problems occur with password protection of your account. your ISP is safe like Fort Knox and the guy who owns the account has a 6 letter password this takes up to 2 minutes and you are in.

use something easy as this:
Password checker

to check your ISP-password, email password and stuff like that. it's always a good idea to hide any "ADMIN" logins from your mainpage.

if you run a CMS (content management system), always upgrade to the latest greatest release of your CMS-soft.

that's it. pretty safe life now.
__________________
Quote:
"recording engineers don't die, they are dragged into the grave by the shear weight of their balls."
Malcolm Chisholm
---------------------------------------------
www.georgenecola.com produce & mix it
shop.georgenecola.com
gear & fun
blog.georgenecola.com reviews & gear
soundcloud.com

twitter
George Necola is online now   Reply With Quote
Old 15th June 2009   #15
mymixisbetterthanyours!
 
Joined: Oct 2006
Location: Berlin
Posts: 1,759

Quote:
Originally Posted by George Necola View Post
most of the problems occur with password protection of your account. your ISP is safe like Fort Knox and the guy who owns the account has a 6 letter password this takes up to 2 minutes and you are in.

use something easy as this:
Password checker

to check your ISP-password, email password and stuff like that. it's always a good idea to hide any "ADMIN" logins from your mainpage.

if you run a CMS (content management system), always upgrade to the latest greatest release of your CMS-soft.

that's it. pretty safe life now.
George, sorry to disagree here, but no, it's not. If you run a CMS on your own dedicated server, there is a whole lotta more to do. See my very incomplete list above.
For starting, I recommend checking the books by O'Reilly: O'Reilly Media: Tech Books, Conferences, Courses, News
What many people forget: It's not only about your own security. If your system gets compromised, it almost certainly WILL be used to attack other systems.
When I was still a network-admin, my systems were routinely attacked by compromised systems operated by someone "who is good with computers", but had no idea of pro-level networking and server-operating.
Being able to troubleshoot a DAW or the computers of your friends does not qualify you for operating a public server. Sadly, as with audio products, everybody now can buy a 'root-server-package', even without any qualifications.
(you know, those guys are the IT-equivalent to the 'mastering engineers' with a MBox and cracked waves bundle.)
kosmokrator is offline   Reply With Quote
Old 15th June 2009   #16
mymixisbetterthanyours!
 
Joined: Oct 2006
Location: Berlin
Posts: 1,759

Quote:
Originally Posted by danika View Post
Right on. I run my business from a high-volume website which routinely gets attacked, and sometimes they're successful. But you repair the damage, plug the hole, and move on. Trying to pin the blame on someone is a total waste of time and energy.
I hope you tripwired your system. How do you know they didn't implement a backdoor before you plugged the hole? Rootkit anyone?
A starting point: Open Source Tripwire - Wikipedia, the free encyclopedia
kosmokrator is offline   Reply With Quote
Old 15th June 2009   #17
Lives for gear
 
HookedOnHardware's Avatar
 
Joined: May 2008
Posts: 681

Quote:
Originally Posted by Alécio Costa View Post
Seems there are lots of sick minds out there or folks who don't have top quality sex in their lives.
That must be the reason why I didn't understand most of the posts... I have a GREAT sex life.
__________________
HookedOnHardware
R E C O R D I N G - S T U D I O S


(New studio opening soon!)

Music is art, engineering is science...and production is what bridges the two.
HookedOnHardware is offline   Reply With Quote
Old 15th June 2009   #18
mymixisbetterthanyours!
 
Joined: Oct 2006
Location: Berlin
Posts: 1,759

Quote:
Originally Posted by HookedOnHardware View Post
That must be the reason why I didn't understand most of the posts... I have a GREAT sex life.
Mee too. Sick mind maybe, though...
kosmokrator is offline   Reply With Quote
Old 15th June 2009   #19
PC Moderator
 
George Necola's Avatar
 
Joined: Mar 2005
Location: Winterthur, Switzerland
Posts: 7,974

Verified Member
you are right. I am talking about the sharing hostings. most people I know have shared hostings. your ISP may fail too, but they do regular updates of their software, firewalls and stuff.

the weakest point are user passwords

running a dedicated is a whole different story. I already had my daily O'Reilly-coffee today

cheers

Quote:
Originally Posted by kosmokrator View Post
George, sorry to disagree here, but no, it's not. If you run a CMS on your own dedicated server, there is a whole lotta more to do. See my very incomplete list above.
For starting, I recommend checking the books by O'Reilly: O'Reilly Media: Tech Books, Conferences, Courses, News
What many people forget: It's not only about your own security. If your system gets compromised, it almost certainly WILL be used to attack other systems.
When I was still a network-admin, my systems were routinely attacked by compromised systems operated by someone "who is good with computers", but had no idea of pro-level networking and server-operating.
Being able to troubleshoot a DAW or the computers of your friends does not qualify you for operating a public server. Sadly, as with audio products, everybody now can buy a 'root-server-package', even without any qualifications.
(you know, those guys are the IT-equivalent to the 'mastering engineers' with a MBox and cracked waves bundle.)
George Necola is online now   Reply With Quote
Old 15th June 2009   #20
PC Moderator
 
George Necola's Avatar
 
Joined: Mar 2005
Location: Winterthur, Switzerland
Posts: 7,974

Verified Member
Quote:
Originally Posted by kosmokrator View Post
Mee too. Sick mind maybe, though...
and btw. your website is fantastic (and the starting video is greeeat).
George Necola is online now   Reply With Quote
Old 15th June 2009   #21
mymixisbetterthanyours!
 
Joined: Oct 2006
Location: Berlin
Posts: 1,759

Quote:
Originally Posted by George Necola View Post
and btw. your website is fantastic (and the starting video is greeeat).
wow. Thanks a lot! Fortunately for us, our buddies next door are a film production crew. So we got the whole shooting almost for free..
kosmokrator is offline   Reply With Quote