Hacked Off

Hacked, cracked, compromised, invaded, rooted…whatever term you use, it all works out to the same thing: disaster.

As many of our readers already know, the webserver housing Demensions was hacked earlier this summer and as a result, we were offline for several weeks while we rebuilt. Fortunately, we keep our content archived offline for just such an emergency and our losses were minimal. Our discussion forums were completely lost, as were user ratings for the individual stories, but other than that, we've gotten everything back online. It really does pay to keep good backups, folks. You just never know…

The first question pretty much everyone asked me about the incident was, "Do you know who did it, and why?" The answers are no, and yes.

"But if you don't know who," I can hear you protesting, "how can you know why?"

Because cracking servers is big business now, that's why.

Back in the day, hacking was most often an intensely personal act. Hackers were either drawn to the challenge of breaking into allegedly impenetrable systems (à la NORAD in WarGames) or motivated by revenge, seeking to destroy the sites of people they were pissed off at. So, if your site was hacked into and you weren't the government or some other sexy, high-security target, the first question a site owner generally asked was, "Who have I ticked off lately?"

Some years ago, another site that I run was hacked by a member who took exception to the way we ran the place. He put up some…"love notes"…for me, especially, and generally defaced the site. He also conveniently left his IP signature all over the place, and we were able to contact his university and resolve the matter, but we had a pretty good idea of who the culprit was even before we traced the IP. That's just how it was, back then. Hacking was more of a family affair.

But things have changed. Most hackers now don't know their victims, and they aren't out for glory or bragging rights. They don't want to get even with anyone, or steal your files, or test their skills against your security experts.

What they want are your resources.

IP and bandwidth theft are now the greatest threats to server operators, especially small operators. Compromised servers are used to pass illegally traded files, send spam, and hide child pornography. The server owners are often unaware that these activities are being carried out using their IP addresses and bandwidth, until an ISP happens to catch the usage spikes and investigates. Then, the ISP shuts down the server, and leaves the owner to pick up the pieces.

That's precisely what happened to us. A hacker used known vulnerabilities in the Linux kernel to drop a Trojan on our server. The Trojan gave them remote access to the server, allowing them to hijack our bandwidth and use our IP address for their own purposes, most likely for spamming. Our ISP noticed uncharacteristic usage, started digging, and pulled the plug.

Although you'll never see a splashy CNN or Fox News headline about this sort of cyber crime, it's become a huge problem for the small, local hosting operations and private servers who can't afford armies of full time security specialists. Spammers, warez operators, and pornographers hop from stolen server to stolen server to stay one step ahead of the blacklists and the law, destroying the businesses of honest operators in the process—because the server owner is the one who suffers. At the least, the server will be made unavailable for days, even weeks. Content may be lost; customers whose sites are hosted on the compromised box may demand refunds, or even leave. And at worst, the server owner may be held liable for actions carried out on their servers, even if they had no knowledge of it.

Compromised servers are used to carry out attacks against other sites…which then trace the attack back to the unsuspecting server owner. Spam blacklists record the IP address associated with mass mailers, and block innocent servers, often with no notification and no recourse. And should a hacker use one's server to house child pornography…

I shudder to even think of what the consequences might be.

So, server owners and resource thieves play a game of cat and mouse, owners trying to stay one step ahead with patches and improved security, the hackers digging for new exploits and vulnerabilities. It's a tiring and frustrating game, and one you have no choice but to play if you run a webserver.

"But I don't run a server," you say. "What can I do?"

More than you think!

First, don't EVER buy any product advertised in spam. Don't respond to spam. Don't even open it: most spam is sent in HTML format, and when you open the message, it hits a specific URL in order to render on your screen. That URL carries a key unique to your copy of the message, so the hit tells the spammer yours is a live email address. If you use the preview pane in Outlook, turn it off; even previewing forces the HTML to render, which is also how many viruses are passed. Spammers continue to churn out messages because it's profitable. If people stop buying the products and services offered—if they stop even looking at the messages, and the tracking sites get fewer and fewer hits, eventually they'll stop. No law will stop it, no software will stop it. Only dwindling profit margins will have any impact at all.
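The keyed-URL trick described above is easy to see once you look at the raw HTML of a message. The following Python script is an added example, not code from the column or from Demensions; it parses a constructed sample message (made-up addresses on `.invalid` domains and an invented tracking token), lists every remote resource the HTML would fetch when rendered, flags the ones that look like tracking beacons, and re-emits the HTML with remote fetches removed, which is what a mail client's "block remote content" setting does for you. The token-matching pattern and the 1x1-pixel check are heuristics assumed here for illustration, not a standard.

```python
import email
import html
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample message (not a real spam): one text part, one HTML part.
SAMPLE_RAW = b"""\
From: deals@example.invalid
To: reader@example.invalid
Subject: Limited time offer
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Great deals inside.
--b1
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Great deals inside.</p>
<img src="http://track.example.invalid/open.gif?rid=7f3a9c2e0b1d4e6f" width="1" height="1">
<img src="cid:logo@example.invalid" alt="logo">
<a href="http://shop.example.invalid/buy">Buy now</a>
</body></html>
--b1--
"""

# Tag/attribute pairs that make a mail client fetch something just by rendering.
# Plain <a href> links are not fetched until clicked, so they are not listed.
REMOTE_ATTRS = {"img": "src", "link": "href", "script": "src", "iframe": "src"}
# Heuristic (assumed): a long hex string, or a long alphanumeric string with digits,
# standing alone as a query value or path segment looks like a per-recipient key.
TOKEN_RE = re.compile(r"^[0-9a-fA-F]{12,}$|^(?=.*\d)[A-Za-z0-9_-]{16,}$")


def _is_remote(url):
    return bool(url) and urlparse(url).scheme in ("http", "https")


class BeaconScanner(HTMLParser):
    """Collects remote resources fetched on render and notes why each looks like a beacon."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):  # also reached for self-closing <img .../>
        attr_name = REMOTE_ATTRS.get(tag)
        attrs = dict(attrs)
        url = attrs.get(attr_name) if attr_name else None
        if not _is_remote(url):
            return  # cid:, data: and relative references do not phone home
        parsed = urlparse(url)
        candidates = [v for vals in parse_qs(parsed.query).values() for v in vals]
        candidates += [seg for seg in parsed.path.split("/") if seg]
        reasons = []
        if any(TOKEN_RE.match(c) for c in candidates):
            reasons.append("opaque per-recipient token in URL")
        if tag == "img" and attrs.get("width") == "1" and attrs.get("height") == "1":
            reasons.append("1x1 pixel image")
        self.findings.append({"tag": tag, "url": url, "reasons": reasons})


class BeaconStripper(HTMLParser):
    """Re-emits the HTML with every remote-fetch attribute dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    def _emit(self, tag, attrs, self_closing):
        blocked = REMOTE_ATTRS.get(tag)
        parts = [tag]
        for name, value in attrs:
            if name == blocked and _is_remote(value):
                continue  # drop the attribute, so nothing is fetched on render
            parts.append(name if value is None else f'{name}="{html.escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + (" />" if self_closing else ">"))

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, True)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def html_part(raw):
    """Return the text/html body of a raw RFC 822 message, or '' if it has none."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    return part.get_content() if part is not None else ""


def scan_for_beacons(raw):
    scanner = BeaconScanner()
    scanner.feed(html_part(raw))
    scanner.close()
    return scanner.findings


def strip_remote_content(raw):
    stripper = BeaconStripper()
    stripper.feed(html_part(raw))
    stripper.close()
    return "".join(stripper.out)


if __name__ == "__main__":
    for f in scan_for_beacons(SAMPLE_RAW):
        print(f"<{f['tag']}> fetches {f['url']}: {', '.join(f['reasons']) or 'no beacon markers'}")
    print(strip_remote_content(SAMPLE_RAW))
```

Run as-is, it reports the single remote image (flagged both for its opaque `rid` value and its 1x1 size) and prints the HTML with that `src` removed while the `cid:` logo and the ordinary link are left untouched; point `scan_for_beacons` at a message saved from your own mailbox to see what a given sender's mail would fetch on open.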

Second, don't engage in illegal file trading. Other issues of ethics aside, do you really want to screw over some poor soul who's just trying to make a little extra income by selling $10 home pages, so that you can get a free movie, or a pirated copy of Photoshop? Because chances are, that's whose bandwidth your illegal downloads are using. Pirates don't exactly sign up with their local ISP, get a home page in their own name, and set up shop. What they are doing is illegal, and they're going to hide. And they hide on the servers of the little guys. So whatever you think about Microsoft's pricing policies, or Warner Brothers Pictures' profit margins, just don't do it. I know you probably think you aren't hurting anyone, but you are, and it's not the big mega-corporations. It's people like me.

And finally, I know this will sound like an oxymoron, but if you must frequent adult sites, at least try to stick with, erm, reputable ones. And if you visit such sites, you'll know what that means. Something like sex.com isn't hiding from anyone, and is definitely not hijacking anyone else's servers.

So, now that you know more about the seamy world of server hacking than you ever really wanted to, and a few basic things you can do to take away the economic incentives that fuel these resource pirates, just one question remains: what are you still doing here?

There are great stories to be read, so get going!

© 2003   Demensions Magazine   All rights reserved.