As you might have heard, the start of 2012 marked the first visible attack executed on our servers by l33t h4x0rz. The hacking group targeted many sites across the internet, which is rather fortunate, since the point of the attack was just spreading their virus and not a total annihilation of that wonderful nerd community we have here.
I approximate the damage done was minimal and already fixed; Thomas was quick enough to get rid of the malicious code from the most visited parts of HLC in a matter of minutes. And the rest of the thousand attacked, less visited, files were cleaned with l33t scriptz in a matter of a few days.
I still advise you to run a virus scan over your computer, if you visited this site on the 1st of January and it redirected you to a suspicious site. Recommended software:
- MalwareBytes is pretty nerdy when it comes to malware. Install, update and run a scan while your main AntiVirus is disabled.
HLC, and its entire web of sub-domains and guest hosts, has been part of a hacker's playground since June - at least. Since this date, multiple hackers have been uploading shells and other malicious files to our servers silently. We did our best to clean up and remove the access points they've been planning to use in the future. There's always a chance of another attack, so I'm asking everyone being hosted by HLC to take care of his/her website's security to prevent further attacks.
How you can contribute to our safety:
As part of HLC Hosting, it is in your best interest to keep yourself and the entire community safe. There are a few things you can do to keep yourself away from greasy situations like these:
>> Regular security updates or GTFO
First and foremost, the biggest weakness and likely the cause of this attack was one or multiple outdated Content Management Systems. Your blogs, your forums and the dynamic sites you host on your server should be up to date at all times. It takes a few easy steps to breach through a vulnerability on an outdated system. More so, hackers regularly search for websites running vulnerable systems and add them to hit-lists, which soon get released on hacking forums.
>> Safe passwords!
It's not hard to have 16+ letter long passwords: take your favorite movie quote, game/movie name, lyrics or your long Pakistani name your butt-buddy whispers in your ear every night. Take out the spaces and you've got your ultra-hard password. Here's an example: ashiqyourdongislongandflaccid. Forget your pride and replace "for" with 4, "too/to" with 2 and you've got a not necessarily safer, but shorter and yet still good password.
>> Be realistic!
Do you really need a forum for the mod barely anyone knows about? Do you really need to keep a blog you've never updated?