Australian webhost hacked, ~5000 websites unrecoverable

Seen something interesting in the news or on the intertubes? Discuss it here.

Moderators: Zamfir, Hawknc, Moderators General, Prelates

User avatar
M.C.
Posts: 264
Joined: Sun Oct 03, 2010 1:06 pm UTC
Location: South of the equator.

Australian webhost hacked, ~5000 websites unrecoverable

Postby M.C. » Tue Jun 21, 2011 6:10 am UTC

http://www.theage.com.au/technology/sec ... 1#comments
Spoiler:
4800 Aussie sites evaporate after hack
Asher Moses
June 21, 2011 - 2:51PM
Comments 21
At least 4800 Australian websites have been lost with no chance of recovery following a break-in at Australian domain registrar and web host Distribute.IT.

The hack attack caused so much damage that four of the company's servers were "unrecoverable", the company said, leaving thousands of website owners in the lurch.

"The overall magnitude of the tragedy and the loss of our information and yours is simply incalculable; and we are distressed by the actions of the parties responsible for this reprehensible act," Distribute.IT said.

Advertisement: Story continues below
As reported by Fairfax Media last week, Distribute.IT was hit with a "deliberate, premeditated and targeted attack" on its servers last Saturday but it is still struggling to work out exactly what happened or how much data was stolen.

Security experts warned that thousands of websites were vulnerable to being hijacked and extensive private data were at risk of being stolen.

Customers hit the Whirlpool forums to complain that Distribute.IT had not adequately responded with information about the break-in and that the hack "has probably killed my business".

In a statement published today, Distribute.IT said it had been working around the clock in an attempt to recover data from its affected servers.

"At this time, We regret to inform that the data, sites and emails that were hosted on Drought, Hurricane, Blizzard and Cyclone can be considered by all the experts to be unrecoverable," it said.

"While every effort will be made to continue to gain access to the lost information from those hosting servers, it seems unlikely that any usable data will can be salvaged from these platforms.

"In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data."

The company said 4800 websites were affected and since it did not have the capacity to transfer the domain names to other parts of its platform, Distribute.IT had no choice "but to assist you in any way possible to transfer your hosting and email needs to other hosting providers".

Distribute.IT has still not been able to get its website back online and it is using a Google Blogger account to update customers. Its phone lines have been ringing out and its email is down, forcing the company to use a temporary Gmail addresss - distributeit888@gmail.com.

Rob McAdam, CEO of security firm Pure Hacking, said the issue was a "catastrophic problem" for those with websites hosted by Distribute.IT.

"If these clients of Distribute.IT had no other backup other than what was at Distribute.IT, they would then have to rebuild their site - from scratch," he said.

"From the Distribute.IT blog post, it appears that they have lost all of the content for these web sites and any associated backups that Distribute.IT kept."

James Turner, security analyst at IBRS, said: "This could be the nightmare scenario that every small/medium businessperson working on the internet has in the back of their minds. If the attack is as described then the malice behind it is appalling."

On the Whirlpool discussion forums, where there are over 60 pages of posts discussing the Distribute.IT hack, customers were livid at finding out their data was gone forever.

"I think I'm in shock ... I have lost everything .... I couldnt possibly replicate all those years of work again ... my whole lifes work is gone down the drain," wrote one.



Read more: http://www.theage.com.au/technology/sec ... z1Pt7zNI8w


While in the grand scheme of the internet, 5,000 websites isn't huge, but how can data be unrecoverable? Surely there is some way of retrieving the 'lost' websites.
Nobody likes Milhouse!

User avatar
Aaeriele
Posts: 2127
Joined: Tue Feb 23, 2010 3:30 am UTC
Location: San Francisco, CA

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby Aaeriele » Tue Jun 21, 2011 6:17 am UTC

What they probably mean is that the up-to-the-minute versions are unrecoverable. Assuming the owners of the websites (or the webhost) kept backups, those could be used to recover an earlier version of the site.
Vaniver wrote:Harvard is a hedge fund that runs the most prestigious dating agency in the world, and incidentally employs famous scientists to do research.

afuzzyduck wrote:ITS MEANT TO BE FLUTTERSHY BUT I JUST SEE AAERIELE! CURSE YOU FORA!

User avatar
SlyReaper
inflatable
Posts: 8015
Joined: Mon Dec 31, 2007 11:09 pm UTC
Location: Bristol, Old Blighty

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby SlyReaper » Tue Jun 21, 2011 6:45 am UTC

Ouch. It sounds like a lot of the website owners didn't keep backups, and the webhost's backups were destroyed. In which case, that could indeed be a disaster for a business. A lot of the work will need to be redone from scratch.
Image
What would Baron Harkonnen do?

User avatar
Diadem
Posts: 5654
Joined: Wed Jun 11, 2008 11:03 am UTC
Location: The Netherlands

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby Diadem » Tue Jun 21, 2011 2:45 pm UTC

How can you possible lose *everything*? That can only happen if you never ever make any backups. And even then users should have the original code for those websites on their computers, right? Unless you deleted those for some reason, but that's just crazy. I can understand not making a personal backup of every single blogpost you write, if you trust your host to make backups. But you should at least have the basic website itself somewhere.

To lose 'years of work' requires shockingly bad policy on the side of both the host and the user.
It's one of those irregular verbs, isn't it? I have an independent mind, you are an eccentric, he is round the twist
- Bernard Woolley in Yes, Prime Minister

User avatar
SlyReaper
inflatable
Posts: 8015
Joined: Mon Dec 31, 2007 11:09 pm UTC
Location: Bristol, Old Blighty

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby SlyReaper » Tue Jun 21, 2011 3:09 pm UTC

What if their website is older than their computer, and they didn't move everything over? It happens. Not everyone makes copies of stuff they don't think they're going to need copies of.
Image
What would Baron Harkonnen do?

User avatar
Triangle_Man
WINNING
Posts: 1500
Joined: Sat May 02, 2009 8:41 pm UTC
Location: CANADA

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby Triangle_Man » Tue Jun 21, 2011 5:41 pm UTC

SlyReaper wrote:What if their website is older than their computer, and they didn't move everything over? It happens. Not everyone makes copies of stuff they don't think they're going to need copies of.

Clearly, then, it's important to make backups of everything, something which myself and presumably other people don't do but should given the nature of this story.
I really should be working right now, but somehow I don't have the energy.

The Mighty Thesaurus wrote:My moral system allows me to bitch slap you for typing that.

Sheikh al-Majaneen
Name Checks Out On Time, Tips Chambermaid
Posts: 1075
Joined: Fri Jan 01, 2010 5:17 am UTC

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby Sheikh al-Majaneen » Tue Jun 21, 2011 8:06 pm UTC

Aaeriele wrote:What they probably mean is that the up-to-the-minute versions are unrecoverable. Assuming the owners of the websites (or the webhost) kept backups, those could be used to recover an earlier version of the site.

"In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data."


Sounds like everything, to me.

User avatar
Aaeriele
Posts: 2127
Joined: Tue Feb 23, 2010 3:30 am UTC
Location: San Francisco, CA

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby Aaeriele » Tue Jun 21, 2011 8:16 pm UTC

Sheikh al-Majaneen wrote:
Aaeriele wrote:What they probably mean is that the up-to-the-minute versions are unrecoverable. Assuming the owners of the websites (or the webhost) kept backups, those could be used to recover an earlier version of the site.

"In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data."


Sounds like everything, to me.


The webhost's backups. The owners could have kept their own.
Vaniver wrote:Harvard is a hedge fund that runs the most prestigious dating agency in the world, and incidentally employs famous scientists to do research.

afuzzyduck wrote:ITS MEANT TO BE FLUTTERSHY BUT I JUST SEE AAERIELE! CURSE YOU FORA!

achan1058
Posts: 1783
Joined: Sun Nov 30, 2008 9:50 pm UTC

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby achan1058 » Tue Jun 21, 2011 8:27 pm UTC

Sheikh al-Majaneen wrote:"In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data."
How can this still happen though? I thought that it is a normal practice to keep backups on different servers or tapes/hard drives that are separate?

User avatar
Aaeriele
Posts: 2127
Joined: Tue Feb 23, 2010 3:30 am UTC
Location: San Francisco, CA

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby Aaeriele » Tue Jun 21, 2011 9:17 pm UTC

achan1058 wrote: I thought that it is a normal practice to keep backups on different servers or tapes/hard drives that are separate?


Doesn't mean that everywhere does it (or that both sets of servers couldn't be compromised).
Vaniver wrote:Harvard is a hedge fund that runs the most prestigious dating agency in the world, and incidentally employs famous scientists to do research.

afuzzyduck wrote:ITS MEANT TO BE FLUTTERSHY BUT I JUST SEE AAERIELE! CURSE YOU FORA!

User avatar
Adacore
Posts: 2755
Joined: Fri Feb 20, 2009 12:35 pm UTC
Location: 한국 창원

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby Adacore » Wed Jun 22, 2011 12:06 am UTC

Yeah, a website I work with lost all the code upgrades and much of the content from the last year a while back because of something similar. The parent company that owns the website and provides the server assured us that they were taking regular backups of both the website and the subversion archive where we were developing the new code. Turns out they hadn't set it up properly. Our coders were apoplectic.

KnightExemplar
Posts: 5494
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby KnightExemplar » Wed Jun 22, 2011 1:33 am UTC

achan1058 wrote:
Sheikh al-Majaneen wrote:"In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data."
How can this still happen though? I thought that it is a normal practice to keep backups on different servers or tapes/hard drives that are separate?


A company like GoDaddy does not offer those kinds of services. But in return, you get to have a web host for less than $5/month.

Before the advent of "Cloud Computing", you'd need either colocation or managed services before you got regular backups or something similar. Colocation costs upwards from $100/month + the cost of the server (You still have to buy the $2000+ machine to be put into the colocation rack).

Managed Servers (with full service, including backup service and so forth) cost $150+/month.

---------

With "Cloud Computing" popping up, and virtual private servers, the cost of your webserver can go towards the $20/month to $50/month range, with backups maybe costing an extra $10/month. (VPS and Cloud Computing are easy to back up, because they're "virtual" computers that can move around).

So if you're one of those small restaurants that just need a simple website (directions to your store, and maybe your menu), the $5/month GoDaddy price is nice. You don't get backups, you don't get much power, you don't get full root access.... but you get a website. And thats what most people need. And its significantly cheaper than even "Cloud Computing" platforms that everyone is crazy about today.
First Strike +1/+1 and Indestructible.

User avatar
Steax
SecondTalon's Goon Squad
Posts: 3038
Joined: Sat Jan 12, 2008 12:18 pm UTC

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby Steax » Wed Jun 22, 2011 3:20 am UTC

Diadem wrote:How can you possible lose *everything*? That can only happen if you never ever make any backups. And even then users should have the original code for those websites on their computers, right? Unless you deleted those for some reason, but that's just crazy. I can understand not making a personal backup of every single blogpost you write, if you trust your host to make backups. But you should at least have the basic website itself somewhere.

To lose 'years of work' requires shockingly bad policy on the side of both the host and the user.


I think most websites (especially with CMSes) value their content more than their design. If the owner didn't have database backups or CMS backups, well...

And I know that a lot of web developers don't even tell their clients to back up their data. Poo.

I still put the blame on the hosting company though.
In Minecraft, I use the username Rirez.

User avatar
SlyReaper
inflatable
Posts: 8015
Joined: Mon Dec 31, 2007 11:09 pm UTC
Location: Bristol, Old Blighty

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby SlyReaper » Wed Jun 22, 2011 7:09 am UTC

Me, I put the blame on the hackers.
Image
What would Baron Harkonnen do?

User avatar
Ortus
Fluffy
Posts: 569
Joined: Sat Apr 03, 2010 7:09 am UTC

Re: Australian webhost hacked, ~5000 websites unrecoverable

Postby Ortus » Wed Jun 22, 2011 7:15 am UTC

SlyReaper wrote:Me, I put the blame on the hackers.



Erasing backups is pretty douchey.
roband wrote:Face, yes. Chest, probably. Pubic area, maybe. Scrotum, not a fucking chance.


Return to “News & Articles”

Who is online

Users browsing this forum: No registered users and 17 guests