A note on my cyber attack and communications

For those of you trying to submit stories and/or contact me via WUWT, that won’t be possible for a couple of days via normal methods. My office experienced a cyber attack/hacking today.

WUWT is hosted on wordpress.com, and not served from my office network, so was not affected. But, one server for communications that also serves WUWT was.

One of our primary servers is now offline, and it handles our mail and messaging system. This particular server got compromised because one account had a weak password. While that machine was compromised, fortunately the problem didn’t spread (we think) thanks to it being isolated from other parts of our network and having a different password than other systems. That’s a lesson to anyone running multiple systems – use diverse and strong passwords.

That server is still offline, and I expect our email will be down for a couple of days. It was turned into a spam factory overnight, and now our network is on several spam lists thanks to over half a million spam emails being sent, so it will take us a couple of days to get all that cleared up. While we can restore from a backup, all that spam sent out has caused us bigger problems.

Posting on WUWT might be light also until we get the problem solved and get security checked on the rest of our machines.

The attack looks to be unrelated to WUWT, and seems to be just another spammer looking for a machine to take over.

For those that need to contact me, or submit a story, see this:


UPDATE: as of about 10AM PST this morning, we have everything back to normal and we can receive email, but sending email might still be hampered by our network being put on SPAM blacklists. Clearing that will take a couple of days.

Mike Freeman
November 13, 2013 5:11 am

Folks, it doesn’t matter what operating system you use, you cannot avoid this kind of attack if an email account has a weak password. As an IT consultant, I see it all the time; an email account with a weak password is hacked and that account is used to relay spam through the mail server. All of this speculation by wannabe network experts about this OS or that is silly.
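
The relay pattern Mike Freeman describes, as an added defender-side example that is not part of the post or of any comment: a small Python check that scans constructed Postfix-style submission log lines (the log format, host and user names are assumptions) and flags authenticated accounts whose hourly send volume or number of distinct client addresses is out of line, which is how a hijacked mailbox turning into a spam factory shows up in the mail log.

```python
import re
from collections import defaultdict

# Constructed Postfix-style smtpd line (assumption; not from the page):
# "<Mon> <day> <HH:MM:SS> <host> postfix/smtpd[pid]: <qid>: client=<name>[<ip>], ..., sasl_username=<user>"
LINE_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d+) (?P<hour>\d{2}):\d{2}:\d{2} \S+ postfix/smtpd\[\d+\]: "
    r"\w+: client=\S+\[(?P<ip>[\d.]+)\], .*sasl_username=(?P<user>\S+)$"
)


def make_sample_log():
    """Build a constructed log: 'alice' sends normally; 'bob', whose weak
    password was guessed, is used as a spam relay from several client IPs."""
    lines = []
    for i in range(3):  # alice: 3 messages in one hour from her usual address
        lines.append(f"Nov 12 09:1{i}:00 mx postfix/smtpd[1201]: Q{i:04X}: "
                     f"client=home[198.51.100.7], sasl_method=LOGIN, sasl_username=alice")
    for i in range(40):  # bob: 40 messages in one hour from 5 different client IPs
        ip = f"203.0.113.{i % 5 + 1}"
        lines.append(f"Nov 12 23:{i:02d}:30 mx postfix/smtpd[1202]: Q{1000 + i:04X}: "
                     f"client=unknown[{ip}], sasl_method=LOGIN, sasl_username=bob")
    return "\n".join(lines)


def find_relay_abuse(log_text, per_hour_limit=20, min_distinct_ips=3):
    """Return {user: (peak messages in any one hour, distinct client IPs)} for
    authenticated users who exceed the hourly limit or submit from too many IPs."""
    per_hour = defaultdict(lambda: defaultdict(int))  # user -> (month, day, hour) -> count
    ips = defaultdict(set)                            # user -> client IPs seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authenticated submission; ignore
        user = m["user"]
        per_hour[user][(m["month"], m["day"], m["hour"])] += 1
        ips[user].add(m["ip"])
    flagged = {}
    for user, hours in per_hour.items():
        peak = max(hours.values())
        if peak > per_hour_limit or len(ips[user]) >= min_distinct_ips:
            flagged[user] = (peak, len(ips[user]))
    return flagged


if __name__ == "__main__":
    for user, (peak, n_ips) in find_relay_abuse(make_sample_log()).items():
        print(f"{user}: {peak} messages/hour from {n_ips} client IPs - check this account")
```

Thresholds are per site; the point is that a legitimate user rarely sends dozens of messages an hour from a handful of unrelated addresses, so either signal alone is worth an alert.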

OssQss
November 13, 2013 6:00 am

A good article on password generation.
http://www.pcmag.com/article2/0,2817,2368484,00.asp
An alternate method for such
https://identitysafe.norton.com/password-generator

bwanajohn
November 13, 2013 8:08 am

Ah Ha! So YOU’RE the one so interested in the size of my Johnson! /sarc
Seriously, these &^$$^&^&’ers have hacked the SBCGLOBAL server many times. I have a pretty solid password(s) and have had them go through the server a few times to send out spam. I can only imagine how it must feel at 100x the headache. Don’t you just wish you could plant an e-bomb that would trace back to their server and explode when this happens? Best wishes Anthony!

CRS, DrPH
November 13, 2013 8:36 am

I do some work with the FBI via their Infragard collaboration, we get cybercrime briefings regularly. This site has good information: http://www.fbi.gov/about-us/investigate/cyber

Steve from Rockwood
November 13, 2013 9:49 am

We had a similar problem through 1and1.com a few years back. Impossible to trace the origin and hard to fix. It was suggested we use a password that “no one else would even consider”. I was going to go with ilovealgore69 but just couldn’t bring myself to typing it in. Yet somehow, I feel less at risk.

November 13, 2013 10:33 am

“That which does not kill us makes us stronger.”

~ Friedrich Nietzsche

Richards in Vancouver
November 13, 2013 11:13 am

“That which does not kill us can make us awfully sick.”
– Wayne Richards

November 13, 2013 12:01 pm

Re CodeTech:
…blocking proxies… You are blocking a lot of legitimate users. I always proxy to fuzz up Google’s total information awareness of me. Proxy through Amsterdam, all the ads change to Dutch or Euro, etc. I also do other stuff which could profile as a bad guy hiding himself, but good guys have to start hiding themselves in these NSA days.

CodeTech
November 13, 2013 12:47 pm

conrad6:
Actually I have one site that requires geolocation for legal reasons. That’s the one everyone immediately tries to proxy in on. I know the mindset, because I also hate being blocked that way.

November 13, 2013 1:02 pm

Some sites will ask security questions like “What was your Mother’s maiden name?” or “What was your first car?” or “In what city were you born?”. Those three are common.
Mix up your answers but always use the same “mix” so that you remember what to answer. I.e., if they ask for your mother’s maiden name, always answer with the city you were born in or your favorite color.

heysuess
November 13, 2013 2:40 pm

That’s Suxnet.

BBould
November 13, 2013 2:45 pm

Mike Freeman,
Has it right!
If Anthony is interested I have developed a password scheme and would be happy to share it.

tobias
November 13, 2013 9:24 pm

@CRS, DrPH, that is one fine way to do what? Does not sound like a very safe way to advertise a “secure” site. But thanks anyway.