digitech anouncement customers please read
#1
Thread Starter
My Feedback: (10)
digitech anouncement customers please read
Hello All
first of all
our shop is under attack by hackers , since allready 3 or 4 days.
not only our domains where hacked but many others.
we got it up and running we thought , but they managed to somehow now screwed up the whole admin section and order section
basicly the shop is a nice window but one can not order anything or look into their status.
we did kept a backup , but still no success to get it running.
not only did they do a very good job , they seem to go that far that they tried to break in our paypal accounts.
but also attacked our mail server and seem to shut that down also.
this means we can not print any ups stickers but also lost the complete ups database.
it went that far that our exchange server has now officialy "died" since last night , (harware is also destroyed maybe a unlucky power surge but we ca not rule out anything)
the HDD is recovered but the mainboard is dead (bios empty)
basicly this means tonight we are getting a new exchange server , and we are trying to get the shop running also tonight.
we apologise for all the trouble this might cause , also do not worry about any CC details since we DO NOT keep this info logged on any server.
this is done by extrernal payment servers , we just link to them.
Sandor Kruise
Digitech
first of all
our shop is under attack by hackers , since allready 3 or 4 days.
not only our domains where hacked but many others.
we got it up and running we thought , but they managed to somehow now screwed up the whole admin section and order section
basicly the shop is a nice window but one can not order anything or look into their status.
we did kept a backup , but still no success to get it running.
not only did they do a very good job , they seem to go that far that they tried to break in our paypal accounts.
but also attacked our mail server and seem to shut that down also.
this means we can not print any ups stickers but also lost the complete ups database.
it went that far that our exchange server has now officialy "died" since last night , (harware is also destroyed maybe a unlucky power surge but we ca not rule out anything)
the HDD is recovered but the mainboard is dead (bios empty)
basicly this means tonight we are getting a new exchange server , and we are trying to get the shop running also tonight.
we apologise for all the trouble this might cause , also do not worry about any CC details since we DO NOT keep this info logged on any server.
this is done by extrernal payment servers , we just link to them.
Sandor Kruise
Digitech
#6
RE: digitech anouncement customers please read
Its a shame that these little scrotes have to find their enjoyment at the expense of others, keep plugging away Sandor I am sure you will win in the end and have everything up and running in its normal efficient way.
Good Luck
Mike
Good Luck
Mike
#8
RE: digitech anouncement customers please read
Sadly these types of attacks are common and on the increase. Being a web developer it pees me off there are people out there who do this for fun. Unless you are using a reputable out of the box solution for your commerce web site it pays to have a specialist review your service and infrastructure for the most common vulnerabilities (e.g. denial of service, cross site scripting, sql injection etc). All the best for getting it sorted.
#9
RE: digitech anouncement customers please read
Would using an iMac cure this problem, I'v just bought one and am still finding my way around it, but thought it would be interesting to all to get the opinion of a specialist on what is supposed to be a better solution than a PC?
Mike
Mike
#10
RE: digitech anouncement customers please read
You're a consumer/customer. This thread is about a vendor whose online shop has been attacked. Totally different kettle of fish.
You need to ensure you have good anti-virus software and a firewall. Simple solution compared to the measures an online retailer needs to take.
You need to ensure you have good anti-virus software and a firewall. Simple solution compared to the measures an online retailer needs to take.
#11
Senior Member
Join Date: May 2005
Location: London, UNITED KINGDOM
Posts: 449
Likes: 0
Received 0 Likes
on
0 Posts
RE: digitech anouncement customers please read
Hi Sandor sorry to hear about aggro, glad you managed to get it all sorted, just a lot of unnecessary hard work, hope you and you family have a great Xmas & New Year.
Vince.
PS there is planning for a Bickley Jets 2011, so might see you then.
Vince.
PS there is planning for a Bickley Jets 2011, so might see you then.
#12
Thread Starter
My Feedback: (10)
RE: digitech anouncement customers please read
well the problem was that another customer of our hoster had a attack thru a bad setup oscommerce.
they planted some backdoor executables , the guy who hacked it is a known hacker.
he takes databases in hostage and tries to sell them back to you.
the guy was smart and rerouted all emails all trafic out. destroyed ssl certificates links
in this case they guy managed to break in twice on different days , and screwed up most of the data.
another problem was we own also a ssl licence , this license is coupled to our webshop.
so you can imagine you have to go thru the whole shop and check for things that wont work.
at some point you could just look at all stuff in the shop , but order nothing.
i coulndt even login anymore as a administrator.
and tried to recover all orders , that where partial send or paid but not send.
worst part of all was our exchange server that went down , so i could not see who had ordered what and when.
i was "digital blind" and you can see you can destroy a business just by cutting the data!
a good friend of mine came down last night with a brand new server including exchange 2007 (wich now i am happy to use it also thru my mac ;-) )
and slowly i recovered all mails ( 8.2 gb of emails!) luckely i use another server where we keep backups of archives.
thanks to exchange.
problem then is re importing all emails and orders you can imagine importing 8gb of email traffic back to the exchange server.
nightmare...
but its all back and working now toulk 5 days to get back and complete some orders.
funny or not since i sync my iphone also with exchange , at some point it deleted all my contacts , calendars , emails of my iphone since they are all linked.
they planted some backdoor executables , the guy who hacked it is a known hacker.
he takes databases in hostage and tries to sell them back to you.
the guy was smart and rerouted all emails all trafic out. destroyed ssl certificates links
in this case they guy managed to break in twice on different days , and screwed up most of the data.
another problem was we own also a ssl licence , this license is coupled to our webshop.
so you can imagine you have to go thru the whole shop and check for things that wont work.
at some point you could just look at all stuff in the shop , but order nothing.
i coulndt even login anymore as a administrator.
and tried to recover all orders , that where partial send or paid but not send.
worst part of all was our exchange server that went down , so i could not see who had ordered what and when.
i was "digital blind" and you can see you can destroy a business just by cutting the data!
a good friend of mine came down last night with a brand new server including exchange 2007 (wich now i am happy to use it also thru my mac ;-) )
and slowly i recovered all mails ( 8.2 gb of emails!) luckely i use another server where we keep backups of archives.
thanks to exchange.
problem then is re importing all emails and orders you can imagine importing 8gb of email traffic back to the exchange server.
nightmare...
but its all back and working now toulk 5 days to get back and complete some orders.
funny or not since i sync my iphone also with exchange , at some point it deleted all my contacts , calendars , emails of my iphone since they are all linked.