Community website hackers are scumbags

There are a lot of scumbags around these days!!!

Val

 

What I often do is find their facebook page & spam them back with a message saying what they've done

http://www.facebook.com/home.php#!/pages/Cruisecouk/134538543242460?fref=ts

 

Oo, that one has been up for a week and they've not noticed yet

 

I'm glad its sorted for now, but i wouldn't leave it at that.

I have a few thoughts on this.

Firstly, the chances of your site being singled out manually are absolutely minuscule. Most likely it was a plain old fashioned port scan. You probably know that every computer connected to the internet has an IP address. We'll ignore the new IPv6 standard for now because although its increasingly common, everyone is still accessible on IPv4. IPv4 is made up of 4 numbers in the range 0 to 255, with the first two or three of those numbers representing an entire network, and then the last typically one or two numbers being specific machines on that network. Its a genius but nowadays naive indexing system. It means hackers just need to write a simple program that 'pings' each IP address in sequence and notes who replies. Once it has a list of IP addresses that reply, which will be a small percentage of the ones tested, then the program will test which ports are open. A 'port' in internet terms is just another number on the end of your IP address that tells the machine which process the incoming request is meant for (in oversimplified terms). There are certain ports that are typically used for certain types of traffic, for example normal internet traffic happens on port 80, FTP is often on port 21, and secure HTTP is often on 127 for example. The hacker's program will go through its list of known valid IP addresses, and test which ports are listening on those IP addresses. After that, its just a case of testing what defences the target has, picking out the easiest (quickest to violate) and does its worst.

The implications then from that are that 1) your ISPs security is sadly lacking, 2) You're ISPs IP addresses and port numbers are in the hackers database of 'easy targets' and therefore 3) unless your ISP takes more action than to simply restore from backup, you'll be hacked again on the next lap of the hacker's dirty program.

The other thing that springs to mind is that you may be able to deal a blow to the hackers indirectly, using someone with more might than you alone can muster. You said the site was modified to advertise insurance. First, did you keep any evidence? In any case did you note which insurer it was? They wont have known about it, but the value proposition for the hackers will have been a click-through fee for driving traffic to these other sites. It would be great if the company was based in the UK because then you could write to them and tell them about their criminal activity under the Misuse of Computers Act 1990. If its not UK based then maybe other countries have a comparable law. A simple threat of legal action should be enough to get the ball rolling. Of course they would deny all responsibility but then you just tell them it was their advert driving traffic to their site, and if it was one of their agents that did it, they are still responsible for the activities of those they subcontract to. Insurance companies usually have good IT teams, and good legal teams. They need both. With threats of legal action which would in tern threaten their status as a regulated body, costing them a fortune in the long run, you can be sure they would then do all they could to ensure their ads don't get used in the click-throughs posted by the hackers, which in turn makes the activity less lucrative for the hackers. It would be nothing even close to an outright victory, because the hackers would just move on, but it would be like a quick punch on the nose at least.

 

So not a click-through then. Possibly a DDoS (distributed denial of service) attack on the site that hosts the image of the ad. By getting enough people to request that image at the same time, you overwhelm the target server so it can't respond to genuine requests, effectively taking it down. In the olden days of the t'interweb the phone networks used to pay people for generating traffic of any kind on their lines, because they got paid for the traffic, in the form of people's internet subscriptions. I can't see how that could still work now that we mostly have all inclusive broadband packages though.

If they've given you assurances about their security, and you've been happy with them so far, I'd stay put for now. If you switch now you'll have some down time anyway while your site moves over (the old DNS propagation delays).