News: Celebrating over 10 years serving the creative community

Author Topic: HLC Hacked II  (Read 14744 times)

Bekey

  • twitter.com/@bekey_
  • Global Moderator
  • Roach
  • ****
  • Posts: 14
  • Some other nerd
HLC Hacked II
« on: January 16, 2012, 11:11:38 AM »
Lolwut?
As you might have heard, the start of 2012 marked the first visible attack executed on our servers by l33t h4x0rz. The hacking group targeted many sites across the internet, which is rather fortunate, since the point of the attack was just spreading their virus and not a total annihilation of that wonderful nerd community we have here.

I approximate the damage done was minimal and already fixed, Thomas was quick enough to get rid of the malicious code from the most visited parts of HLC in a matter of minutes. And the rest of the thousand attacked, less visited, files were cleaned with l33t scriptz :science: in a matter of a few days.

I still advise you to run a virus scan over your computer, if you visited this site on the 1st of January and it redirected you to a suspicious site. Recommended software:
>> http://www.malwarebytes.org/ - MalwareBytes is pretty nerdy when it comes to malware. Install, update and run a scan while your main AntiVirus is disabled.

HLC, and it's entire web of sub-domains and guest hosts, has been part of a hacker's playground since June - at least. Since this date, multiple hackers have been uploading shells and other malicious files to our servers silently. We did our best to clean up and remove the access points they've been planning to use in the future. There's always a chance of another attack, so I'm asking everyone being hosted by HLC to take care of his/her website's security to prevent further attacks.





How you can contribute to our safety:
As being part of HLC Hosting it is in your best interest to keep yourself, and the entire community safe. There are a few things you can do, to keep yourself away from greasy situations like these:

>> Regular security updates or GTFO
First and foremost, the biggest weakness and likely the cause of this attack was one- or multiple outdated Content-Management Systems. Your blogs, your forums and the dynamic sites you host on your server, should be, at all times up to date. It takes a few easy steps to breach through a vulnerability on an outdated system. More so, hackers regularly search for websites running vulnerable systems and add them on hit-lists, which soon get released on hacking forums.

>> Safe passwords!
It's not hard to have 16+ letters long passwords, take your favorite movie quote, game/movie name, lyrics or your long Pakistani name your butt-buddy whispers in your ear every night. Take out the spaces and you've got your ultra-hard password. Here's a few examples: ashiqyourdongislongandflaccid | itastedeverykindofdick | bekeyshutthefuckupalready. Forget your pride and replace "for" for 4, "too/to" for 2 and you've got a not necessarily safer, but shorter and yet still a good passwords.

>> Be realistic!
Do you really need a forum for the mod barely anyone knows about? Do you really need to keep a blog you've never updated?
Probably not  :cop:
Nah?

James

  • Administrator
  • Gman
  • *****
  • Posts: 1359
Re: HLC Hacked II
« Reply #1 on: January 16, 2012, 12:28:50 PM »
I want to kiss my hands and blow the kisses at you then laugh and blush while playing with my hair.

<3

Thomas

  • Administrator
  • Gman
  • *****
  • Posts: 1929
  • Some nerd
    • Half-Life Creations
Re: HLC Hacked II
« Reply #2 on: January 22, 2012, 07:50:02 PM »
All FTP passwords have been reset. Contact me to reset yours, following Bekey's suggestions for password strength.

Simon

  • BSR Team
  • Gman
  • *
  • Posts: 1127
  • Whiskey brony
Re: HLC Hacked II
« Reply #3 on: January 22, 2012, 07:59:54 PM »
May I suggest to reset the ftp's passwords anyway ? Just for good measure, like bekey said "Regular security updates or GTFO", changing passwords goes into that gategory.


Anton

  • Gman
  • ******
  • Posts: 1827
Re: HLC Hacked II
« Reply #4 on: January 23, 2012, 04:18:09 AM »
I was thinking about that too the other day when my dad said his password for work was like eight characters and random numbers and stuff, and my very limited sense of math and logic just went "wouldn't more characters just always work better than random ones?"
I guess it takes up more space to store foreign stuff like spaces though.

hydeph

  • Zombie
  • ***
  • Posts: 50
    • hydeph
Re: HLC Hacked II
« Reply #5 on: February 25, 2012, 03:42:32 PM »
you make like this is something worth 'protecting' from 'internet hax0rs'

for great justice