A note on my cyber attack and communications

For those of you trying to submit stories and/or contact me via WUWT, that won’t be possible for a couple of days via normal methods. My office experienced a cyber attack/hacking today.

WUWT is hosted on wordpress.com, and not served from my office network, so was not affected. But, one server for communications that also serves WUWT was.

One of our primary servers is now offline, and it handles our mail and messaging system. This particular server got compromised because one account had a weak password. While that machine was compromised, fortunately the problem didn’t spread (we think) thanks to it being isolated from other parts of our network and having a different password than other systems. That’s a lesson to anyone running multiple systems – use diverse and strong passwords.

That server is still offline, and I expect our email will be down for a couple of days. It was turned into a spam factory overnight and now our network is on several spam lists, thanks to over half a million spam emails being sent, so it will take us a couple of days to get all that cleared up. While we can restore from a backup, all that spam sent out has caused us bigger problems.

Posting on WUWT might be light also until we get the problem solved and get security checked on the rest of our machines.

The attack looks to be unrelated to WUWT, and seems to be just another spammer looking for a machine to take over.

For those that need to contact me, or submit a story, see this:

[send manuscripts button]

UPDATE: as of about 10AM PST this morning, we have everything back to normal and we can receive email, but sending email might still be hampered by our network being put on SPAM blacklists. Clearing that will take a couple days.



38 Comments
CRS, DrPH
November 12, 2013 9:26 pm

Sorry to hear, Anthony….a sign of the times. Take care, CRS

John F. Hultquist
November 12, 2013 9:27 pm

If this means we will miss news of the climate conference in Warsaw – that’s good.
Okay, sorry. These sorts of things vary from little to big pains. Yours is a big one. Hope you realize how much you are appreciated. Cheers.

November 12, 2013 9:28 pm

Anthony, sorry to hear about another unneeded distraction. Thanks for the note and take your time to do it right.

November 12, 2013 9:31 pm

I hope things go smoothly and I’m glad it wasn’t worse.

William Nichols
November 12, 2013 9:50 pm

Ditto. We appreciate you my friend.

Richard D
November 12, 2013 9:51 pm

Painful, and costly in time/money. Thanks for all of your efforts. Good luck.

albertalad
November 12, 2013 9:55 pm

Sorry to see you experiencing hacking problems – yet to be honest it surprises me you haven’t to this point in time however obscure the attack. It appears you are lucky you have a diverse system very well split up into different components – this will take a fair amount of time to fully sort out this mess.

November 12, 2013 9:59 pm

You’re the best.

November 12, 2013 10:06 pm

One wonders. It would be a shame to tar too many with the brush, but I experienced similar problems after a lengthy discussion with true believers at Weather Underground. The modelers, for all their analytical faults, have exceptional computer skills. All it takes is one who truly believes they are saving the world…
REPLY: I don’t see any connection between this and them, or climate activism whatsoever. The hacker turned the machine into a spam factory – Anthony

Editor
November 12, 2013 10:51 pm

Hi Anthony, really sorry to hear about your problem, exactly the same thing happened to me a few months ago. It caused me a great deal of trouble, including the need to visit the local Apple Store to get my iPad reset. The man at Apple said he had never seen such a strong password, so how the Taiwanese hacker got into my account, I don’t know. I still get e-mails (directed to my Spam folder) in Taiwanese! I used a combination of upper and lower case letters, numbers and characters based on past car registration numbers. The cars were scrapped years ago, so the number plates died with them. Why they picked my account and how they decrypted the password is a total mystery to me.

Greg Goodman
November 12, 2013 11:10 pm

Bishop Hill is also reporting all comments are falling into a black hole (except for registered commenters).

Steve C
November 12, 2013 11:20 pm

Very sorry to hear about this – very best of luck sorting it out and rebuilding.

farmerbraun
November 12, 2013 11:21 pm
Greg Goodman
November 12, 2013 11:21 pm

“This particular server got compromised because one account had a weak password.”
And did that particular account have admin privileges?
If not, just create another account and remove the compromised user. If it did manage to escalate to a full admin take-over, you should probably consider using a less vulnerable operating system.

Rosarugosa
November 12, 2013 11:39 pm

Anthony, I guess you might have already seen this; if not, please give it a try. It seems to give good advice on how to achieve secure passwords. The link is https://www.grc.com. Apparently the secret is length, not complexity.
Brgds
Peter Melia

CodeTech
November 13, 2013 12:07 am

All my servers use fail2ban – more than 3 failed attempts to login throw the attacker into jail for an hour, they are firewalled completely out. Trust me, it’s difficult to brute-force a password when you only get 3 tries per hour. Also, I have firewalled out entirely the 5 countries that most cyber attacks come from, with the geoIP list updated weekly.
One thing I’ve had a difficult time doing is blocking proxies, like “hide my ass”, but they have two ridiculously easy ways to detect them that most people haven’t figured out yet. Every time a new one appears it automatically ends up in a ban list for 30 days.
Internet security is a moving target, you will never just have a secure system that you can walk away from (unless it’s powered off or has no outside access, which defeats the whole purpose).
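
The ban policy described in the comment above (more than three failed logins, an hour in jail), replayed as an added example that is neither the commenter's nor the post's code: it runs over constructed Postfix SMTP-AUTH failure lines, assumes the year 2013 for the syslog timestamps, and uses a 10-minute counting window by default, so an attacker who spaces attempts 15 minutes apart is only caught when the window is widened.

```python
import re
from datetime import datetime, timedelta

# Added example, not the post's or any commenter's code: a fail2ban-style policy
# replayed over constructed Postfix smtpd lines (syslog has no year; 2013 assumed).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[\d.]+)\]: SASL \w+ authentication failed"
)

SAMPLE_LOG = """\
Nov 12 21:26:01 mail postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Nov 12 21:26:03 mail postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Nov 12 21:26:05 mail postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Nov 12 21:26:07 mail postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Nov 12 21:26:09 mail postfix/smtpd[1234]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Nov 12 21:30:00 mail postfix/smtpd[1240]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Nov 12 21:45:00 mail postfix/smtpd[1241]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Nov 12 22:00:00 mail postfix/smtpd[1242]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Nov 12 22:15:00 mail postfix/smtpd[1243]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Nov 12 22:27:00 mail postfix/smtpd[1250]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
"""

def parse_failures(log_text, year=2013):
    """Yield (timestamp, ip) for each SASL authentication failure line."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"]

def compute_bans(log_text, max_retry=3, find_time=600, ban_time=3600):
    """Ban an IP once it exceeds max_retry failures within find_time seconds.
    Returns [(ip, ban_start, ban_end)]. Failures that arrive during an active
    ban are skipped, since the firewall would have dropped that traffic."""
    window, banned_until, bans = {}, {}, []
    for ts, ip in parse_failures(log_text):
        if ip in banned_until and ts < banned_until[ip]:
            continue
        recent = [t for t in window.get(ip, []) if (ts - t).total_seconds() <= find_time]
        recent.append(ts)
        if len(recent) > max_retry:
            end = ts + timedelta(seconds=ban_time)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            recent = []  # a ban resets the counter for that IP
        window[ip] = recent
    return bans
```

With the defaults only the fast attacker is banned; passing find_time=7200 also catches the slow one, which is the trade-off to keep in mind when tuning the window.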

Admin
November 13, 2013 12:23 am

Many of the tens of thousands of people on 1and1.com are blacklisted this week as some spammers got into some 1and1 servers.

James Bull
November 13, 2013 12:28 am

Hope you get it all sorted soon.
Take Care
James Bull

Peter Miller
November 13, 2013 12:37 am

Speaking as someone whose website was hugely hacked, we eventually found that it was not targeted at us, but seemed to be some kind of malicious random attack emanating out of the Far East.
However, the conspiracy theorist in me says: there is so much money swilling around in the global warming troughs, and so many careers dependent on the continuation of the current system, that it is not impossible that someone has taken action against the world’s most influential site trying to empty those troughs.

Jimbo
November 13, 2013 12:45 am

andrewmharding says:
November 12, 2013 at 10:51 pm
Hi Anthony, really sorry to hear about your problem, exactly the same thing happened to me a few months ago. It caused me a great deal of trouble, including the need to visit the local Apple Store to get my iPad reset. The man at Apple said he had never seen such a strong password, so how the Taiwanese hacker got into my account, I don’t know.

I’ve read that some hackers spread malicious applications. Here is something else more recent, it concerns hackers using the camera and microphone of smartphones.

11 November 2013
“The software watches your face via the camera and listens to clicks through the microphone as you type.”
http://www.bbc.co.uk/news/technology-24897581

Aussiebear
November 13, 2013 12:47 am

@Anthony Watts,
Please tell me you are NOT using Windows as your (personal/private) server operating system!!

Man Bearpig
November 13, 2013 12:56 am

Anthony … If you use remote desktop on the server (assuming it is a Windows machine), use something like RDPGuard; it is anti-hacking software and blocks an IP after so many bad passwords. If you don’t use remote desktop or have not heard of it, make sure the service is turned off; this is how a lot of machines get hacked and malware installed.

CodeTech
November 13, 2013 1:30 am

Actually, php.net got hacked too… and that’s a big one.

Mike McMillan
November 13, 2013 3:18 am

Nothing like going to your own web site and having the Norton “Malicious Website! Do you wish to proceed?” banner pop up. Serves me right for having a seven letter noun from page 984 of the dictionary for a password.
I ftp’d into the site and found several of my class reunion pages had javascript files inserted. Cleverly, they were convoluted js files that wrote the actual malicious js files, and you’d have to run them to see what they really did.
So now I have a triply-quantum-encoded password on the site. I just wish I could remember where I wrote it down.

November 13, 2013 4:51 am

Being in the business, it is a constant battle. And it does not matter if you are following every precautionary rule, they always find a new vector to attack you at.
Good luck on the restoration. That is the hard part.