Sep 11 2006
Under Attack
Some of you will have noticed that AmeaNet’s server was down for about 16 hours last week. An earlier entry about this annoying and nerve wrecking event was withdrawn by me, because I was a little too emotional about it.
Fact is that we were seriously under attack by hackers once again.
Servers with lots of traffic tend to be very attractive for hackers. At first I blamed my provider because the attacks coincided with network problems on their end, but after studying thousands of lines of code and checking directory permissions I have to come to the conclusion that this was the fifth attack by Ukrainian hackers this year.
Previous attacks were quite harmless, but this one was serious. Using a security hole in our banner and classifieds program they managed to inject malicious code in our mysql database. Yesterday after 48 hours of playing detective on my own server I found the scripts they had left to nest Phishing sites on our server.
This is no small matter. Technically and legally I can be held responsible for these actions. The phishing sites were mimicking The Bank of America. It is part of a new cold war, it seems. So, I have not been sleeping very much and I have been very busy patching security holes.
I am really grateful that I once made the decision not to store credit card information on my server and to leave that task to our payment processor.