Comments on: Hacked

By: Jonathan

Jonathan — Wed, 18 Apr 2012 15:25:21 +0000

Thanks for sharing. Couple of comments:

1) “High-resolution digital files are valuable, by only if you can license them, a task which is nowadays quite difficult even for legitimate image creators.”

Much of the value of your site lies in the network of incoming links, distributed across the Internet, that you have built up over many years. The good news is that this incoming link network is essentially unhackable. The bad news is that incoming links have value only if your site is up and running.

2) “However, the hosting company set up the drives as an LVM (Logical Volume Manager) volume group, which defeated the purpose. They recommended that I reload the OS and restart from scratch, although there exists a risky procedure to remove a drive from the LVM. As it had taken me more than a day to get to that point, I wasn’t too keen on doing it over again, so I asked my system administrator to try the procedure. Sure enough, it failed, leaving the server in a state where it wouldn’t even boot.”

In a situation of the type, where the help-desk’s advice is to reload the OS or perform some other complex task where you are risking hours or days of your time if all doesn’t go as planned, why not put your current HDDs aside and start from scratch on a new HDD? Then if everything goes well you can wipe your old HDDs, use one of them and keep the other in reserve, and if everything doesn’t go well you can at least use your server until you decide what to do next.

By: QT Luong

QT Luong — Mon, 16 Apr 2012 06:36:42 +0000

Michael, yes, I’ve spent quite a bit of time securing the server. This includes: change of all passwords (now using complicated long ones that are a pain to type) deployement of a reverse proxy, software updates (ex: PHP), paying attention to PHP notices (for instance going to PHP 5.3, I replaced hundreds of instances of mysql_db_query() since it is deprecated…), review of scripts to make them injection-proof, hiring a sysadmin for security audit, and installing a bunch of security programs and monitors.

By: Michael Russell

Michael Russell — Sat, 14 Apr 2012 20:53:18 +0000

Glad you have everything back up and running though the road to completing that was not easy. Have you taken any new precautions with the new server so this sort of thing is less likely to occur again?

By: QT Luong

QT Luong — Fri, 13 Apr 2012 02:43:49 +0000

Richard, I don’t think that the case. At the time of the first intrusion, I was not traveling, and therefore did not use public wifi. Also, I am wondering how those tools would work. I’d imagine they’d try to catch passwords, but for logging into the server I use only protocols such as ssh and scp which are highly encrypted (unlike, let say ftp).

By: Rolf Hicker

Rolf Hicker — Thu, 12 Apr 2012 23:05:16 +0000

I’m very sorry to hear your trouble with the servers. I had to spent a fair amount of time into software development and server trouble too – not fun being a photographer. Glad you got it going again.

Hope you had a great time up North.

By: Richard Wong

Richard Wong — Thu, 12 Apr 2012 19:53:42 +0000

Sounds like a complicated process, QT. I’m not sure how often you use public internet wifi, but do you think your security was compromised by using public wifi? I went to an SEO conference in November and one of the speakers was demonstrating all these illegal tools to hack people’s computer from public wifi networks. Which ironically was probably the reason why my site was hacked during that conference…