Wetlook World Forum
Message # 36728.1.1.1.1.1.1 Subject: Re: I absolutely agree with your comment Date: Sun 10/08/08 06:46:15 GMT Name: Max |
Hi Gregg,
I always thought as a commercial site you run your own root server, i.e. a piece of hardware you are fully responsible for, or someone you trust in this case. From your post I learned you are using the service of a conventional web hosting provider. Both approaches have advantages and disadvantages: Your own root server is more expensive (probably 100 $ instead of 10 a month), you need a person that regularly looks after it and is responsible for maintaining and technical updates. On the other hand, if you rely on a simple web hosting plan, you have to share the hardware with some 10 or 100 other domains, and you must fully trust your service provider to keep your data secure and to technically update the systems regularly.
I'm from Germany and don't have any experience with US web hosting providers, but http://www.webhostingjury.com/reviews/Globat doesn't read as if your provider would have a very good reputation. In Germany, many providers often neglect their duty to update systems for months or even years (they have their reasons), increasing the risk that newly discovered security holes can be exploited and thousands of websites get "hacked".
Simple example: Your website runs on Apache 1.3.29. This was released 2003-10-29, i.e. you are running your site on a web server with all the security holes of almost five years! And the bad thing is you can't do anything about it except ask your provider.
It's not a matter of your customers' passwords (as long as they are saved in a secure place (they are not stored on the computer you are currently surfing the Internet on, right?)). At least I hope your system is not designed to give your customers administrative access. By the way, are you sure not to store customer data (like real names, addresses, credit card details) on your web server where your provider and in case of a security hole almost everyone in the world can read them? Some of your customers would not be very amused.
It seems that either someone stole the administrative access password (from your computer or through a security hole at your web space provider) or that there was another way to break into your system. Let your provider explain what happened. Give them some hours to explain, not weeks. (But from the link above I learned you should not expect any answer.)
Generating random passwords is one (important) thing. Other things to keep in mind are: How reliable is the web hosting provider? What about important security updates? Is your administrative password complex enough and stored securely? Is my business worth a reliable provider or even my own root server plus a tech guy I trust?
And finally - it is very understandable that you condemn the intruder in this case. But it makes no sense: if a hole is open then someone will exploit it, sooner or later. The only way to keep a site secure is to regularly apply technical updates.
Best wishes,
Max |
In reply to Message (36728.1.1.1.1.1) Re: I absolutely agree with your comment
By Interwet USA - Thu 07/08/08 22:06:57 GMT I gather that you are not a member or you would know that IW-USA and LL go to great lengths to create randomly generated usernames and passwords for each member. Obviously someone attacked the server which I noted before IS NOT OURS. We have NO control over Globat servers except to perform uploads and administrative functions. Rather than criticize LL and my efforts to keep the sites as secure as possible, how about telling us how to control a server that we don't own and what else can we do for usernames and passwords beyond random generation of numbers, upper case letters, lower case letters, "special" characters, etc. I would welcome any pearls of wisdom that you care to impart upon us to safeguard our sites. We have taken all precautions known to us to prevent this kind of action from happening. I'm a professional photographer---not an I.T. guru. I don't claim to be a computer expert. It appears that you are so please provide us with some specific things that would keep this sort of disaster from occurring again. Thanks. Gregg, IW-USA
In reply to Message (36728.1.1.1.1) I absolutely agree with your comment
By Max - Tue 05/08/08 18:04:38 GMT I absolutely agree with your comment. The website owner should not whine here but learn from the case and protect his properties. We will never hear, but I bet there was a weak password somewhere.
Max |
In reply to Message (36728.1.1.1) Re: LL is fine ..read thread..it cost us a model
By grumbles. - Tue 05/08/08 10:04:33 GMT kind of like beating the guy who steals your stuff even though you left all your doors unlocked. in all honesty, does the blame fall squarely on the perpetrator? lesson: never underestimate the value of IT security. |
In reply to Message (36728.1.1) Re: LL is fine ..read thread..it cost us a model
By cyroc - karstmd@verizon.net Tue 05/08/08 04:23:10 GMT Gee, it'd be nice to know the name, address, e-mail, bank account number etc. so someone can thank the 'gentleman' for his kind deeds. "Asshole" indeed...tsk, tsk...forum rules suggest cheerily positive comments. |
In reply to Message (36728.1) LL is fine ..read thread..it cost us a model
By Liquidladies/Waterlogged Production - weinerking@bellsouth.net Tue 05/08/08 01:37:27 GMT Website: waterloggedproductions.com Things are getting back to normal for the group and it is safe to explore the site Liquidladies and place order as well. IW-USA of course is healed. So it is back to normal.
Sad thing is guys...this joker who did this cost us a very sexy new model who loved wetlook and wanted to do continuous work with us. It was NEW girl Lisa...See her threads on other pages (still up)....One sexy girl with deep blue eyes and a love for water. After each photo shoot she insisted I come in the water with her for horse play...very fun guys...
But Crystal and I both have told her what had happened and we are not a porn site. She was getting messages and redirections on the site of LL to Porn sites. She was very upset and said NO MORE photos because she did not want to be associated with pornography. This is the community's LOSS due to some asshole on this forum....
Yes indeed...1 can ruin it for all Guys......and he did....Lisa is gone for good. (WK) |
In reply to Message (36728) IW-USA is repaired
By Interwet USA - interwetusa@sbcglobal.net Tue 05/08/08 00:28:05 GMT Website: http://interwet.waterloggedproductions.com Hi wetlook lovers. I have just received word from our Webmaster, Dan, that IW-USA has been cleaned of any problems and completely reloaded. Further, I just went to the site and checked it out for myself---no more funky stuff. This virus, disruption, or whatever the hell it was, affected several sites in the Globat network to include IW-USA, Liquid Ladies, and Wetgod's Girl Next Door site. It is my understanding that the culprit injecting the virus has been identified, however I do not yet know who it was. My heartfelt thanks to our Webmaster, Dan, in Great Britain and the numerous folks from our community both in the US and GB who took the time to help us identify and correct this situation. I truly appreciate it. The Liquid Ladies site and Wetgod's site are still being reloaded at this hour; I'm sure they will announce the "all clear" very soon. Any members having problems with user id/passwords not working, please contact us at the e-mail above. We had everything on the site backed up thankfully and everything should work as it did before (notice I say "SHOULD"). Thanks to all our members for your patience over the past 24 hours. Gregg, IW-USA