The Arcive of Official vBulletin Modifications Site.

smestas · #1 07-26-2004, 08:06 PM

Man do I have a story to tell!

One week ago my dedicated server was taken offline. Upon calling in the outage to tech support they tell me my account has been suspended due to a DoS attack on another network. After a week of begging and pleading (over a dozen calls) for access to my DB and files (not yet backed up) I was notified that all my files and DB have been deleted and the system has been re-formated. When I heard this I just about died. My site (a automotive forum) was getting thousands of visitors a day and I had just been negotiating with vendors for advertising and retail business to start reaping some revenue after two years of laboring on the site and financing it.

Has this ever happened to anyone else? Do I have any recourse against the hosting company after I explicitly instructed to them not to damage or remove my DB and files? Is this a common thing to have a dedicated box compromised?

Thanks for letting me vent!

I guess my next step is to find a lawyer and speak to their legal department.

smestas · #2 07-26-2004, 08:07 PM

Here is the proof that the hosting company sent to me. I have no idea of what it means!

--------------------------------
23:11:49.463437 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.463683 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.463688 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.463712 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.463867 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464152 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464158 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464167 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464380 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464389 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464422 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
23:11:49.464690 66.235.201.147.44680 > 69.31.70.150.webcache: udp 15 (DF)
--------------------------------

Andreas · #3 07-26-2004, 08:10 PM

Do you mind letting us know the name of this hosting company?
So nobody will never-ever make the mistake to host there.

Colin F · #4 07-26-2004, 08:12 PM

Quote:

Originally Posted by smestas

Man do I have a story to tell!

One week ago my dedicated server was taken offline. Upon calling in the outage to tech support they tell me my account has been suspended due to a DoS attack on another network. After a week of begging and pleading (over a dozen calls) for access to my DB and files (not yet backed up) I was notified that all my files and DB have been deleted and the system has been re-formated. When I heard this I just about died. My site (a automotive forum) was getting thousands of visitors a day and I had just been negotiating with vendors for advertising and retail business to start reaping some revenue after two years of laboring on the site and financing it.

Has this ever happened to anyone else? Do I have any recourse against the hosting company after I explicitly instructed to them not to damage or remove my DB and files? Is this a common thing to have a dedicated box compromised?

Thanks for letting me vent!

I guess my next step is to find a lawyer and speak to their legal department.

I can't really tell you what rights they have, but it seems to me that formating the whole system (on a dedicated box!) is a much to harsh reaction to a DoS attack.
Simply temporarily unhooking it from the network would have worked as well as far as I know...

AN-net · #5 07-26-2004, 08:37 PM

wow thats harsh, someone must of hacked your server and hijacked it and used to DoS other sites. I would ask for a list of ip's who had accessed it recently cause it seems as though u didnt DoS anyone so someone must have of hijacked your server, i would also like to know what company this is. Maybe we should flood their email with complaints and then they'll give him his hosting back

RichieBoy67 · #6 07-26-2004, 09:34 PM

Oh man that sucks dude... Sorry that happened to ya.. I would be pissed too...

Thanks for the push though. I am backing up my sites right now...

Erwin · #7 07-27-2004, 01:32 AM

I know it's no consolation now, but in future I encourage forum admins to organize off-server backups on a regular basis, just in case something like this happens.

DrkFusion · #8 07-27-2004, 01:39 AM

Quote:

Originally Posted by Erwin

I know it's no consolation now, but in future I encourage forum admins to organize off-server backups on a regular basis, just in case something like this happens.

And to ad on to that, take the extra effort to get some very stable source on hand to backup. If you are a very large board and every single bit of your site is dead serious to you, and revenue then I would suggest investing in a new home computer all together that performs automatic downloads and dumps of your offshore server. I can tell you after investing in such a system, I have one lieing in the corner, no monitor no keyboard no mouse, just the tower and thats all, 7 bay, 6 harddrive raid, 3 are just for my website, the other 3 are for ftp server. I take care of it to death, I can tell you it has kept me going so many times and I have had many close encounters.

Just for the very serious websites just would like to get that option out, if someone is thinking of doing something like that private message me I have some links to software. The thing is you have a daily archive of backups of the server space consuming, but as I said 3 harddrive (200gb each) just for backup of that 1 server which runs only that 1 site.

smestas · #9 07-27-2004, 06:33 PM

Quote:

Originally Posted by KirbyDE

Do you mind letting us know the name of this hosting company?
So nobody will never-ever make the mistake to host there.

It was with iPowerWeb.com on one of their dedicated plans. The price was right but their policies and customer service stink!

smestas · #10 07-27-2004, 06:34 PM

I've tried everything I can with these guys! Just cant get to someone who can help me. My last conversation was via email and they told me the box/IP has already been re-issued and that my account has been canceled. Needless to say Im really bummed out on them!

On the brighter side I have found a manual backup I ran from May of 2004 which I will be using to get the site back up and going. Unfortunatly Ill be missing thousands of posts and a few hundred members.

I'll chalk this up as one of those life lessons. Does anyone here have any security measure recomendations for me my second time around?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04662 seconds Memory Usage 2,247KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (3)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!