Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#694 closed Bug/Something is broken (fixed)

Website HACKED

Reported by: david.norton@… Owned by: Jamie McClelland
Priority: Urgent Component: Tech
Keywords: hacked Cc: david.norton@…
Sensitive: no

Description

Hi there,

The Student Global AIDS Campaign website has been hacked (www.fightglobalaids.org). We are hoping you could restore the site to a previous non-hacked version as soon as possible.

Thank you so much!

David Norton Communications Coordinator, Student Global AIDS Campaign

Change History (5)

comment:1 Changed 11 years ago by Jamie McClelland

Ack - I'm sorry to hear that. I just went in and moved the contents of your web directory into a directory called "hacked" in your include folder. I would strongly encourage you to change your password ASAP. I also made a backup copy of your logs.

Unfortunately, the hacked site was backed up to our backup servers, so I can't restore the site to the way it was before.

If you'd like help, we can try to review your web logs to understand how it got hacked. It may be a couple days before we'll have to time to sort through the logs.

comment:2 Changed 11 years ago by alfredo

Damn!!! I'm sorry you're going through this. I *hate* hackers. They really are terrible.

David, it's really really really important that you keep copies of your own website. Our back-up system is mainly to handle all data that could be lost in a system crash. It's not really to back-up people's sites for content; members do that themselves.

Not only do you run into the problem Jamie's talking about but the way we have our back-ups store isn't conducive to site by site restoration. We can do it but it takes time, etc.

Other thing is, check if you have forms on your site. Forms are very amenable to hacking.

Alfredo

comment:3 Changed 11 years ago by Sam Boyer

Ugh. Ugh ugh ugh.

Yeah, if you guys could let us know what it looks like may have happened when you get a chance, that'd be great. I'm hoping that it's something we'll not have to worry about once we get fully switched over to drupal. At least there, we've got version control and regular DB backups to keep us insulated...

comment:4 Changed 11 years ago by alfredo

Resolution: fixed
Status: newclosed

ticket inactive for two months. apparently were unable to get more info from logs. will close

comment:5 Changed 11 years ago by Jamie McClelland

Sorry - I never had a chance to analyze why your site got hacked. I just realized, however, that this is the same site as the one referenced in ticket in #935. I'm going to leave this one closed and follow up there.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.