Information Security News mailing list archives

Hacker causes havoc for websites


From: InfoSec News <isn () c4i org>
Date: Wed, 23 Apr 2003 23:07:29 -0500 (CDT)

http://news.bbc.co.uk/1/hi/technology/2967749.stm

[There's an old advertising adage about putting a $10 helmet on a $10 
head; it appears BargainHost was skimping on their security, and their 
customers paid the price.  - WK]


23 April, 2003

Up to 1,500 websites could have been affected by a recent hack attack. 
The hacker broke into the server of web hosting firm 
bargainhost.co.uk, stealing passwords and defacing websites. 

One of those affected, snowboarding site powderroom.net has lost 7 
months of e-mails, contacts and forums since the site went down last 
week. 

Bargainhost, which looks after around 5,000 websites and has 1,500 
sitting on the affected server, is struggling to cope with the 
problem. 


Poor service 

"Our only advice to customers at the moment is to change their 
passwords," said Technology Manager James Innes. 

Backups of customers' websites have become heavily corrupted as well and 
the firm is currently manually recreating over 1,000 customer 
accounts. 

Owner of powderroom.net Lucie McLean is unimpressed with the level of 
service received since the incident. 

"They didn't reply to any of my queries personally about what was 
happening and it wasn't until Wednesday that they even acknowledged 
there was a problem - even then they couldn't give any estimate of 
when it would be restored," she told BBC News Online. 

She has decided to move the site to a new host despite paying out for 
two years of hosting with bargainhost.co.uk. 

Her advice for other websites is simple. 

"I know we always get warned to back up data at home but it never even 
occurred to me that I might have to back up what I had stored on their 
servers," she said. 

"I thought they would have had really good security. I reckon people 
should be warned to back up everything - everywhere," she added. 



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

