[vox-tech] my site was hacked

Bill Broadley bill at broadley.org
Mon Jan 25 19:16:05 PST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hai Yi wrote:
> a couple days ago one of my friends got hacked into her photo website,
> ironically it turned out my business website was hacked too - I found
> out yesterday.
> 
> The website hasn't been restored yet, even I wrote an urgent email to
> the support of my ISP, lunarpages.com, no response after 24 hours
> except for an automatic email. This host used to be a good one,
> responding to the requests in time and to the point; however it's
> becoming a disappointment in recent years, I think it's time for me to
> move my business else where.
> 
> Anyway, I hope someone here can help me with a few questions: does the
> ISP bear responsibility for such a security breach? My site has yet to
> see much business flow, but suppose there is a successful site being
> hacked and the restoration is delayed, who is to blame for the loss?

I am not a lawyer, but I suspect that any attempt to get money from an ISP
would be expensive, painful, and unlikely to have a happy result.  Usually
acceptable use policies, they are likely to blame you, or at least claim they
not to blame.

> My homepage is replaced by the hacker's page of some crap, is that the
> best he can do? what kind of attack it is? are they able to access my

The best kind actually.  If it's ego they might not have slurped your data.

> data? I checked that my files are still there, but not sure if the
> hacker has made a copy.

You can't tell, I suggest you assume they did.  Assume any related passwords,
account numbers, and related have been compromised.  Even if you find logs
it's fairly common to leave easy to find logs that cover their tracks.

So I'd look for a better ISP and do everything you can to make your setup more
secure.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkteXnUACgkQBmOBO0n4EFV1EgCfYVs5EPU+tYWyrvquUYPXUXzN
LbEAoJ2onUYNqUaz7RJ9myzaooS0h3Dn
=A4m0
-----END PGP SIGNATURE-----


More information about the vox-tech mailing list