Hacker attack - 2 months of data lost!


25 replies to this topic

#1
Nick Springer


On Monday morning Europe time Hans noticed a new user posting spam in the forums. Hans warned him and deleted the postings. Unfortunately before I was awake and could delete the user, he used a SQL-Injection attack, made himself an admin and deleted the entire database.

This was partly my fault since a patch had been released a few days ago to prevent this and I hadn't gotten around to installing it.

To make matters worse the hosting company's backups were corrupted beyond March 10th, so we have lost 2 months of postings and new users. I used to make local backups of the database myself but for security reasons the hosting company decided to disallow MySQL remote access so I wasn't able to continue with those.

If you are a recent member and coming back and wondering why you can't login, you probably will have to sign up again.

I have implemented a few new things to prevent this in the future:
- I have made Hans an administrator so he can delete users when I am not around. We will also be looking for a member from Asia or Oceania to cover the other part of the clock.
- I have installed the latest patches and will make sure any new ones are installed immediately.
- The hosting company has given me remote DB access again so I can make my own backups daily. I have also implemented Plesk full-domain scheduled backups (for you techies), and the hosting company is fixing their backups. So, from here on out we have triple backups.

Sorry to everyone for losing what is essentially YOUR hard work to create the content that is the most valuable part of this board. If you save copies of the email digests that is a way to remind yourself of things you may have posted if you wish to repost anything.

Nick Springer

Director of Design and Web Applications: ALK Technologies Inc.
Owner: Springer Cartographics LLC
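
The post above describes backups that turned out to be corrupted only when they were needed, and a move to daily self-made database backups. The following is an added example, not part of the original thread: a freshness and integrity check for such dumps. It assumes the backups are gzip-compressed `mysqldump` files written with comments enabled; `check_dump` and `demo` are hypothetical names, and the sample dumps are constructed.

```python
import gzip, os, tempfile, time, zlib

# mysqldump ends a finished dump with this comment (unless comments are disabled).
MARKER = b"-- Dump completed"

def check_dump(path, max_age_hours=26, now=None):
    """Return the problems found in one gzip-compressed SQL dump ([] = usable)."""
    now = time.time() if now is None else now
    problems = []
    if (now - os.path.getmtime(path)) / 3600 > max_age_hours:
        problems.append("stale")          # the daily job has stopped producing files
    tail, saw_table = b"", False
    try:
        with gzip.open(path, "rb") as fh:  # reading to the end also verifies the CRC
            for chunk in iter(lambda: fh.read(65536), b""):
                window = tail + chunk
                saw_table = saw_table or b"CREATE TABLE" in window
                tail = window[-256:]
    except (OSError, EOFError, zlib.error):
        return problems + ["corrupt"]      # truncated or damaged archive
    if not saw_table:
        problems.append("no-tables")       # decompresses, but holds no schema
    if MARKER not in tail:
        problems.append("incomplete")      # dump process died before finishing
    return problems

def demo():
    """Check four constructed cases: good, truncated, cut short, and old."""
    sql = b"CREATE TABLE posts (id INT);\nINSERT INTO posts VALUES (1);\n"
    good = gzip.compress(sql + MARKER + b" on 2000-01-01\n")
    cases = {"good": good, "truncated": good[:len(good) // 2],
             "cut_short": gzip.compress(sql)}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in cases.items():
            path = os.path.join(d, name + ".sql.gz")
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = check_dump(path)
        # The same good file, judged as if three days had passed.
        results["old"] = check_dump(os.path.join(d, "good.sql.gz"),
                                    now=time.time() + 72 * 3600)
    return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
```

Running the check from the same scheduled job that fetches the dump, and alerting on any non-empty result, surfaces a broken backup on the day it breaks rather than on the day of a restore.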


#2
Derek Tonn


Nick,

Sorry to hear about all that. You deserve a LOT better than having to wrestle with that kind of stuff. Why people feel the need to mess with the hard work of people volunteering their time to create an awesome board like this one is beyond me. :sad:

You or Hans get any data on the person before they hacked the forum? IP? Email (though likely faked)? Run any tracers or "pings"? Just curious...... :ph34r:

Derek
Derek Tonn
Founder and CEO
mapformation, LLC

datonn@mapformation.com
http://www.mapformation.com

#3
mike


I'm glad you got the forums back and up and running. Thanks for the hard work of figuring it out and putting everything back together.

#4
margaret


Thank you Nick and Hans -- for CartoTalk and the return of CartoTalk!

#5
franciscocartographer


I will never understand why people do this :angry: .
There has to be a way to hunt down the @#* that did this.

Anyhow, thanks for the hard work.
--------------------------------------
Francisco Jimenez, GISP
Senior GIS Analyst & Amateur Cartographer

My webpage

#6
Nick Springer


Derek Tonn wrote:
> Nick,
>
> Sorry to hear about all that. You deserve a LOT better than having to wrestle with that kind of stuff. Why people feel the need to mess with the hard work of people volunteering their time to create an awesome board like this one is beyond me. :sad:
>
> You or Hans get any data on the person before they hacked the forum? IP? Email (though likely faked)? Run any tracers or "pings"? Just curious...... :ph34r:
>
> Derek

We have the IP address, which we banned, but that's not much of a deterrent. Most likely an anonymizer.

Nick Springer

Director of Design and Web Applications: ALK Technologies Inc.
Owner: Springer Cartographics LLC


#7
benbakelaar


Nick, I noticed that poster that morning, must have been right before the attack! Anyway glad you take the board seriously and worked so hard to get it back up, I appreciate it. I wonder if we could create a separate topic where people (or maybe one super user who saves everything) could post the email digests. There were definitely tidbits and pieces of info in the past two months that I would hate to have to find again!

#8
Nick Springer


benbakelaar wrote:
> Nick, I noticed that poster that morning, must have been right before the attack! Anyway glad you take the board seriously and worked so hard to get it back up, I appreciate it. I wonder if we could create a separate topic where people (or maybe one super user who saves everything) could post the email digests. There were definitely tidbits and pieces of info in the past two months that I would hate to have to find again!

Unfortunately the digests were truncated versions of new posts and none of the replies. I can post what I have somewhere and maybe the topic names will prompt people for ideas.

Nick Springer

Director of Design and Web Applications: ALK Technologies Inc.
Owner: Springer Cartographics LLC


#9
Hans van der Maarel


What Nick said. I feel really bad about this. I 'warned' the spammer (which wasn't along the lines of: "Hey, you naughty person, stop this immediately", if you catch my drift), next thing I know he was in as an admin and started deleting the database. Tried to warn Nick, but as it was middle of the night over there...

If any of you spot another spam post, please notify me or any of the other moderators and it will be taken care of.
Hans van der Maarel - Cartotalk Editor
Red Geographics
Email: hans@redgeographics.com / Twitter: @redgeographics

#10
Andrew


Sorry to hear about this guys!! I hope this doesn't deter anyone from keeping up the good work. This is a great source of information, assistance and just generally good people sharing their knowledge.

Andrew :D

#11
frax


Hi, and thanks for all the work! I missed the board during the downtime!

Quite a string of bad luck, bad timing, and sabotage (and sprinkled with some not so solid work...)
Hugo Ahlenius
Nordpil - custom maps and GIS
http://nordpil.com/
Twitter

#12
Nick Springer


A spot of good news this morning. Benbakelaar has used some scripting and Google's cache and has been able to capture a large portion of the missing posts, up until just a few days ago. I will work to try and restore as much of this as possible to the site.

Thanks Ben!

Nick Springer

Director of Design and Web Applications: ALK Technologies Inc.
Owner: Springer Cartographics LLC


#13
ELeFevre


Nick Springer wrote:
> A spot of good news this morning. Benbakelaar has used some scripting and Google's cache and has been able to capture a large portion of the missing posts, up until just a few days ago. I will work to try and restore as much of this as possible to the site.
>
> Thanks Ben!


This is excellent news. Thanks for all your hard work Nick, Hans, Ben.... Why someone would do this makes absolutely no sense to me. I just don't get it.



#14
Rick Dey


Nick,
Sorry for all you're having to go through, I'm sure this has eaten into your productive wage earning time. Thanks once again for all you do for us.
This would be a good time to remind everyone of that "Help support CartoTalk" button once again.
Rick Dey

#15
Kartograph


Yes, thanks for going through all that trouble for us.



