Dear NamePros Members,
I had a bad day. If you tried visiting the site yesterday and found it offline, you're probably wondering what happened that made me take it offline. The bottom line is we crossed paths with a hacker who compromised our security (though probably not the way you would expect).
Yes, we had firewalls and every available protection running on our servers. The technicians who reviewed our server after the fact confirmed that all appropriate security measures were in place and our server had not technically been breached. So what gives? Well, this hacker was able to successfully impersonate me to a support representative at my datacenter and convinced them enough to hand over my customer login and password. I'm really shocked by how little information about me was needed to do this. Once logged into my provider's member's area, it was a piece of cake to get support techs to reset our server passwords.
So despite doing my part to keep NamePros secure, this was a weak link that left us vulnerable to attack. Remote connections to our server via SSH or FTP were not enabled, so even with the admin password on hand there was not much that could be accessed. However our database manager password was also changed by the support techs, so it was open to attack for a very brief period. The extent of the hacking was that the primary database for the forum was deleted, causing our site to go offline.
I was monitoring the server at the time this occurred so was able to intervene rather quickly. I took the site offline, and as a defensive measure, deleted all of the sensitive files, backups, and databases on our server. I didn't immediately realize the point of attack, so my response to protect the site would cost me a lot of time fixing later. I spent the next several hours reviewing what had happened on my own and over the phone with server technicians. Although it does not appear the hacker got into our server, they suggested the only way to ensure a clean system was to start with a fresh hard drive and system install. That's what I opted to do today.
To make a bad night worse, the database restoration did not go so smoothly. I had planned on having everything back online by 10PM but with the database as large as it is, I ran into many troubles. The process takes hours, and more hours when a little something goes wrong and you have to start over.
On the down side, we lost about 8 hours worth of recent data and had about 13 hours of downtime. The site search engine also won't be working for a while. But it appears the hacker was more interested in sending a warning (see below) than to cause major damage to our community, but if you are having any problems with your NamePros account, please do let me know.
On the sunny side, we're back in business, our registration system was not affected, and we had recent backups of our database. Another positive side is this story I get to share with you today so you might learn from it and consider the security of your systems. Firewalls are great, but in addition I strongly urge you to take extra steps to protect your accounts with your hosts, server providers and registrars. Don't let them freely hand out your account information. Since this happened, I've been assured by my provider that it will not happen again.
It's an ugly feeling dealing with hacking and this kind of stuff. If you've ever had your home broken into by a burglar, you know the feeling I'm taking about. I've been a bit of a mess today, so I have to offer my apologies. I feel like I've let a lot of people down.
I set out from the beginning to keep this a free forum and don't intend to change that. Our only revenue is from the ads we run, and most of what's left over after server bills and advertising goes right back to our members in the form of NP$ and free domains. I don't make a living from this site or even close to it yet, still I can't help but put my heart and soul into this place.
I truly believe the NamePros community we have among our members is second to none, and I couldn't ask for a better team of NamePros staff and forum leaders. If I have one wish for this site, it's to see each and every NP member succeed in this industry, or at least do a little better thanks to NamePros.
And I love my wife. She knows how much a part of NamePros is of my life. Not once today did she complain as I spent most the day today frazzled and going gray-haired in front of my computer screen, and on her birthday too. I don't know what I would do without someone who believes in me like she does.
So that was my bad day. Tomorrow we'll start fresh and go forward with NamePros. I thank you all for your support in doing so.
By the way, the hacker is from Iran and calls himself the "DN Hacker". He is the one who defaced DNJournal on Monday and has threatened to take down other domain industry sites. NamePros was just one of several on his target list. I don't doubt he knows what he's doing and hope we don't have to go through anything like this again. The basic message he wishes to spread to the domain industry is: "do not report any hijacked domains not owned by you." There you have it.
Your humble webmaster,
RJ
P.S. As bad as my day has been, it can hardly compare to the tragedies happening right now on the Mississippi coast. I know we have quite a few members who live in that part of the country including Sidney Parfait (aka Domainut) whose hometown of Slidell has been said to have been hit harder than any other. Please include Sid and his family in your prayers!
I had a bad day. If you tried visiting the site yesterday and found it offline, you're probably wondering what happened that made me take it offline. The bottom line is we crossed paths with a hacker who compromised our security (though probably not the way you would expect).
Yes, we had firewalls and every available protection running on our servers. The technicians who reviewed our server after the fact confirmed that all appropriate security measures were in place and our server had not technically been breached. So what gives? Well, this hacker was able to successfully impersonate me to a support representative at my datacenter and convinced them enough to hand over my customer login and password. I'm really shocked by how little information about me was needed to do this. Once logged into my provider's member's area, it was a piece of cake to get support techs to reset our server passwords.
So despite doing my part to keep NamePros secure, this was a weak link that left us vulnerable to attack. Remote connections to our server via SSH or FTP were not enabled, so even with the admin password on hand there was not much that could be accessed. However our database manager password was also changed by the support techs, so it was open to attack for a very brief period. The extent of the hacking was that the primary database for the forum was deleted, causing our site to go offline.
I was monitoring the server at the time this occurred so was able to intervene rather quickly. I took the site offline, and as a defensive measure, deleted all of the sensitive files, backups, and databases on our server. I didn't immediately realize the point of attack, so my response to protect the site would cost me a lot of time fixing later. I spent the next several hours reviewing what had happened on my own and over the phone with server technicians. Although it does not appear the hacker got into our server, they suggested the only way to ensure a clean system was to start with a fresh hard drive and system install. That's what I opted to do today.
To make a bad night worse, the database restoration did not go so smoothly. I had planned on having everything back online by 10PM but with the database as large as it is, I ran into many troubles. The process takes hours, and more hours when a little something goes wrong and you have to start over.
On the down side, we lost about 8 hours worth of recent data and had about 13 hours of downtime. The site search engine also won't be working for a while. But it appears the hacker was more interested in sending a warning (see below) than to cause major damage to our community, but if you are having any problems with your NamePros account, please do let me know.
On the sunny side, we're back in business, our registration system was not affected, and we had recent backups of our database. Another positive side is this story I get to share with you today so you might learn from it and consider the security of your systems. Firewalls are great, but in addition I strongly urge you to take extra steps to protect your accounts with your hosts, server providers and registrars. Don't let them freely hand out your account information. Since this happened, I've been assured by my provider that it will not happen again.
It's an ugly feeling dealing with hacking and this kind of stuff. If you've ever had your home broken into by a burglar, you know the feeling I'm taking about. I've been a bit of a mess today, so I have to offer my apologies. I feel like I've let a lot of people down.
I set out from the beginning to keep this a free forum and don't intend to change that. Our only revenue is from the ads we run, and most of what's left over after server bills and advertising goes right back to our members in the form of NP$ and free domains. I don't make a living from this site or even close to it yet, still I can't help but put my heart and soul into this place.
I truly believe the NamePros community we have among our members is second to none, and I couldn't ask for a better team of NamePros staff and forum leaders. If I have one wish for this site, it's to see each and every NP member succeed in this industry, or at least do a little better thanks to NamePros.
And I love my wife. She knows how much a part of NamePros is of my life. Not once today did she complain as I spent most the day today frazzled and going gray-haired in front of my computer screen, and on her birthday too. I don't know what I would do without someone who believes in me like she does.
So that was my bad day. Tomorrow we'll start fresh and go forward with NamePros. I thank you all for your support in doing so.
By the way, the hacker is from Iran and calls himself the "DN Hacker". He is the one who defaced DNJournal on Monday and has threatened to take down other domain industry sites. NamePros was just one of several on his target list. I don't doubt he knows what he's doing and hope we don't have to go through anything like this again. The basic message he wishes to spread to the domain industry is: "do not report any hijacked domains not owned by you." There you have it.
Your humble webmaster,
RJ
P.S. As bad as my day has been, it can hardly compare to the tragedies happening right now on the Mississippi coast. I know we have quite a few members who live in that part of the country including Sidney Parfait (aka Domainut) whose hometown of Slidell has been said to have been hit harder than any other. Please include Sid and his family in your prayers!
