[vox-tech] my site was hacked

Hai Yi yihai2004 at gmail.com
Mon Jan 25 19:30:28 PST 2010 

Thanks a lot, Bill, for your helpful advice, this time and last time -
I own you one...

On Mon, Jan 25, 2010 at 10:16 PM, Bill Broadley <bill at broadley.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hai Yi wrote:
>> a couple days ago one of my friends got hacked into her photo website,
>> ironically it turned out my business website was hacked too - I found
>> out yesterday.
>>
>> The website hasn't been restored yet, even I wrote an urgent email to
>> the support of my ISP, lunarpages.com, no response after 24 hours
>> except for an automatic email. This host used to be a good one,
>> responding to the requests in time and to the point; however it's
>> becoming a disappointment in recent years, I think it's time for me to
>> move my business else where.
>>
>> Anyway, I hope someone here can help me with a few questions: does the
>> ISP bear responsibility for such a security breach? My site has yet to
>> see much business flow, but suppose there is a successful site being
>> hacked and the restoration is delayed, who is to blame for the loss?
>
> I am not a lawyer, but I suspect that any attempt to get money from an ISP
> would be expensive, painful, and unlikely to have a happy result.  Usually
> acceptable use policies, they are likely to blame you, or at least claim they
> not to blame.
>
>> My homepage is replaced by the hacker's page of some crap, is that the
>> best he can do? what kind of attack it is? are they able to access my
>
> The best kind actually.  If it's ego they might not have slurped your data.
>
>> data? I checked that my files are still there, but not sure if the
>> hacker has made a copy.
>
> You can't tell, I suggest you assume they did.  Assume any related passwords,
> account numbers, and related have been compromised.  Even if you find logs
> it's fairly common to leave easy to find logs that cover their tracks.
>
> So I'd look for a better ISP and do everything you can to make your setup more
> secure.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkteXnUACgkQBmOBO0n4EFV1EgCfYVs5EPU+tYWyrvquUYPXUXzN
> LbEAoJ2onUYNqUaz7RJ9myzaooS0h3Dn
> =A4m0
> -----END PGP SIGNATURE-----
> _______________________________________________
> vox-tech mailing list
> vox-tech at lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>

More information about the vox-tech mailing list