WHT crippled by database attack
by Brian Turner
Popular webhosting forum, WebHostingTalk.com, is in recovery after a hacker made a “deliberate, sophisticated and calculated” attack on the backup system in place, deleting onsite, offsite, and operational backups of the site.
The attacked then proceeded to delete three main tables from the forum database before security processes were able to lock the hacker out.
The result is that the only available backup to restore the forums was one of “last resort” from October last year.
Dennis Johnson (aka SoftWareRevue), revealed that the hacker was able to breach security measures in place via an arcane backdoor exploit.
He also made a point to underline that private user data was not breached, “We have no record or evidence that private message data was accessed. Absolutely no credit card or PayPal data was exposed.”
While WHT has been under attack before, it is the extremely targeted way in which the website was breached that caught owner iNet offguard.
iNet already had a disaster recovery plan in place, but despite three protected data back-up units, with one offsite behind a firewall, and a fourth physical data back-up layer, the hacker was able to breach all of these to cause serious damage to the website.
Dennis warns other companies to be extremely aware of similar potential sabotage attempts: “We advise others to consider a scenario of deliberate, malicious data destruction in their backup and recovery plans.”
I can certainly sympathise with them – database driven sites are very vulnerable to data loss, and data loss from an online community can be very disheartening for members, especially if this means loss of personalisation and community participation.
I thought I had it bad at the end of last year when a database corruption dropped the posts table from one of my big boards, only to find on-site backups had not been operational, forcing use of a two month old database.
The fact that a major site such as WHT can lose 6 months worth of data is astonishing, not least because of the extremely calculated way Dennis describes the site as being attacked.
In the meantime, all webmasters and website owners are warning to be extra vigilant in protecting their online databases and have clear and present backup systems in place. Databases can be extremely powerful yet fragile systems, with data loss often being irreversible.
Discuss this in the Internet Business forums
Story link: WHT crippled by database attack
Related stories:
Leave a Reply
Previous: « 123-reg targeted by phishers
Next: Defendmyname.com spamming forums »
Visited 6859 times, 1 so far today
Posted in: Webmaster