MG Online: How we beat Russian hack attack

[murraybiscuit]

this article doesn't make a lot me sense To me. There's plenty ways To hack a site and achieve what the guys did. From the extent of the attack it doesn't sound like a system account or firewall needed to be compromised. But hey, what do i know.

 

[Tomtomtom]

Firewalls are overrated. The real problem is unpatched, insecure, unnecessary services, and bad ownership / password practices, not to mention terrible high-level software (e.g. PHP-based file managers and the like.) Firewalls at best block access to services that shouldn't be running anyway, and at worst, provide nothing but a false sense of security.

 

[Creag]

Julius failed woodwork, so now he became a hacker

Agreed. Julius could never have done it himself. But he keeps telling all how well connected he is. So maybe he contracted the Russian Mafia?

 

[moosag]

It crew organically and they never bothered with the basics??? Noobs!!!!

If you were in a foreign country you'd be fired.

 

[IridiuM]

Hacker 1 - MG 0

 

[Sodan]

Gotta love their title: "How we beat Russian hack attack". Thats an interesting thing to say considering the fact that they really got PWNED! To make matters worse, they have now closed all ports to the internet. sigh.

*nods*

I think the title of this article is rather generously named. But that's just my opinion.

 

[bonga86]

If they were able to trace the attack to a data centre I assume thats an ISP' can't they in collaboration with ISP track which server in the network was responsible.

 

[Praeses]

I installed Ubuntu 10.4 on my proxy a few months back with a PPPoE connection and Squid for proxying. It didn't even take a day before the whole internets put viral files in a read-write shared folder for my home network. Had to install a software firewall quickly and set it up properly. I can't believe that actual website servers aren't 100x more secure than a home user's old proxy-box.

 

[BobsLawnService]

By the sounds of it MG lost.

I can't really blame them though, there is not much you can do about it is a major international crime syndicate targets your site over a sustained period of time like this.

 

[San-DraX]

ROFL @ Julius ANCYL

 

[AirWolf]

I installed Ubuntu 10.4 on my proxy a few months back with a PPPoE connection and Squid for proxying. It didn't even take a day before the whole internets put viral files in a read-write shared folder for my home network. Had to install a software firewall quickly and set it up properly. I can't believe that actual website servers aren't 100x more secure than a home user's old proxy-box.

Tried Smoothwall?

 

[Wimhotep]

UPDATE YOUR SOFTWARE !! :erm:

Netcraft's "what's that site running" shows that until a few days ago they were running a version of Apache that was 2 and a half years old, which implies that they probably don't keep their systems up to date in general, which implies that their IT sucks. Even Microsoft can keep their website up, and Microsoft are not known for having top-notch security. Guys like Google, News24 etc. can keep their sites up.

The fact is ALL websites are continually under attack from hackers. All of them, all the time. Most attacks are automated. If your IT sucks, you will suffer..

 

[Praeses]

Tried Smoothwall?

I have, but unfortunately I need a desktop for remote viewing for when I'm not at home to start downloads etc.

 

[jpd]

How can they claim to have beaten Russian hackers when the site was in fact hacked and had to be taken down. Seems the hackers won this round.

 

[zamicro]

Our site grew organically and quickly, with too little care taken with important systems like firewalls.

This just shows the mentality of those who are making the decisions.