Keeping Your Network Locked Down

WebHostingTalk was recently hacked by an ingenious method; someone gained access to their offsite backup servers and used that to gain access to their database tables. They had to restore from an extremely old database, and many users lost tons of post counts and interesting topics. Even worse, the attacker was able to get tables containing usernames, passwords, and email addresses. These tables area already out in the open on a bunch of file sharing sites, and users could potentially be getting tons of spam quite soon.

In the thread, some people insinuate that this has happened to WebHostingTalk before and they didn’t take the proper measures to prevent it happening this time. I mention it because this is a good case study for security methods- secure anything and everything that has access to your machines and make backups of your backups! Attackers are trained and ready to take advantage of the weakest link in your security chain, and they will jump on the chance to gain entry if you’re not extremely careful (they don’t call them “exploits” for nothing!). WebHostingTalk didn’t do either and now their users are suffering from it. Make sure that you do a competent security audit of your machines; I’ve mentioned software like Nessus and Acunetix before. Don’t rely, however, on software alone! Have an experienced security analyst take a look, and only after he’s done should you starting making backups of your backups. When sensitive information is at stake, please spare no cost- it saves headaches and heartbreaks for many, many people down the road!