My advice to the bunch of complainers:

Set up a business (that is put your own money at risk), work hard, pray that people buy the services you are offering, charge little, get low return AND then, once you've been in other people's shoes, carry on with your complaining.

My bet is you would understand...


Having said that, I do not like when I believe sections are not really delivering or are rather cheeky. But it is obvious for the number of people who STAY in this site that it is not so well paid as to be worth the effort...

Greetings,

GMTonyKosten wrote on 10/29/07 at 22:05:56:

Bearing in mind the above and the earlier posts by Alien chess and others...

On a UNIX system, hackers gain access to the "root" (equivalent to the Windows "admin" level user) - hence the term, "rootkit" - through compromised passwords or by exploiting a known vulnerability in a service running on the system. Once they have root access, they can do pretty much anything they want - they can come and go as they choose by use of a installed "backdoor"; the rootkit is installed as a means of hiding such activity.

Once the system has been compromised, removing a rootkit from UNIX is nigh impossible - a format/reinstall is necessary.

One must, therefore, have a good security policy in place to prevent, in the first instance, and recover from such compromising of the system.

The UNIX system must be locked-down as much as possible - only run the needed services/scripts, the fewer such running on a system, the less opportunity is afforded the hacker. Lock down user accounts - no shell access unless required.

Compile services from source (including Apache) oneself.

It is critical to have a update notification service - for any/all available updates - and ensure that these are installed.

Run rootkit scanners daily - Tripwire ("payware") or AIDE (free equivalent of Tripwire - NOT a free version of Tripwire!), chrootkit and/or RKHunter - and send the output to people who'll act upon the reports.

Install and run network monitoring software on the whole network - nmap and/or SNORT. Again, send the output to those who'll act upon it. [They'll show up backdoors for a start.]

Ensure that you have a hardware firewall as well as IPTables (for filtering packets based on rules).

Take separate daily backups of the operating system, applications and data. That way, you'll only "lose" one day's data, at worst.

The above is just a quick rules-of-thumb guide for your "IT guy" - it isn't definitive!

Speaking of updates...

I note you're currently running 2.1 - I don't know what version you were running beforehand, most likely this version from what I've seen on the site.

However, they've just released (8 Nov) a newer version - YaBB 2.2 - which includes several security and anti-spam enhancements.

NOTE: If your site includes lots of 2.1 "mods", these won't work under 2.2 (from what I've read there). They also recommend backing up the whole forum - several times for safety reasons - before installing the new version in it's own separate directory.

See also http://www.yabbforum.com/community/?board=general;action=display;num=1194579334.

Kindest regards,

Dragan Glas

Markovich wrote on 10/29/07 at 18:27:50:


It is a Unix with Apache, and the IT guys suspected some vulnerability in the Forum software. I went to the YaBB Forum to ask if this was possible and they denied there were any holes, or at least no more than you would expect from free software!

Anyway, this is why the Forum has moved to another site. If it gets hacked again it won't bring down the main site!

Yes, Willempie is quite right, we have no credit card details on the server at all as the payment is carried out on the WorldPay site, which is a part of the NatWest/Royal Bank of Scotland group, I believe.
I reckon we will lose many thousands of dollars because of this so I will definitely ask the techies if they can work out who might be responsable, but I am not holding out too much hope!

Yes I am also wondering about the safety of my credit card information at chesspub.
But I seem to remember that when I subscribed months ago, payment was done at another site, so hopefully its safe. 

I suppose one good thing about now having the forum in a completely different place is that if the site does get hacked again then at least we can discuss the problems here!

OK, Alien, according to the IT guys someone managed to get control of the server and install a rootkit, which are invisible as you are no doubt aware. All the recent backups were possibly compromised as absolutely anything could have got on them (a bit like foot and mouth disease for cows - once one cow has it they slaughter the whole herd). 
Even if they had a safe backup they told me it would be too risky to use, as the security hole that was originally used would still be there, and the hacker would get on again.
Now, this is what they told me, but I have no way of verifying this as I am not a Systems administrator. If you can explain to me how they could have used an older backup (and please be as technical as you like) then I will forward this to them and post their reply here.

Regarding informing members, I have now got hold of the current list of members and will definitely email them all should anything similar happen again. I am just a chess player and we rely entirely on experts to keep the site running, I thought we had a 'foolproof' backup system in place so that nothing like this could ever happen (I am aware that hard discs die occasionally but made sure this wouldn't effect the site too much).

Regarding the last post, I for one didnt know who to contact. Everything down, dont think have anyone's personal emails. Bit of a poor show. But back up, not to worry too much. Perhaps just British fatalism. Oh, raining again.

Looks like better IT bods required. Seems a few posting here - any of them want to take over?

That said, nothing to get too het up about from my point of view. Just a chess web site (with all due repect to those who toil there). Not life or death or anything - a way to idle away time and get a couple of ideas on how to win the odd game. 

Imagine  a number of people's bosses, colleagues, wives and kids were pleasantly surprised last week by the upturn of non-screen-chess interest. Perhaps MnB and SF even found time to go to the park.

Best of luck remaining secure henceforth. Look forward to this month's posts.

Bibs

GMTonyKosten wrote on 10/27/07 at 22:28:50:


Not if you make backups daily, weekly and monthly to magnetic tape or a hard drive that isn't connected to a network at all.

A site with paying members being down for a week with nobody being told anything is wrong (and payers can take sites to court for not delivering goods I guess). At least give members some bonus content in return...

Jings dont you guys know what a backup is? Its not hard to unpulg a server, put in the new one, transfer backup from magnetic tape to new server, and your site is fine. Sorry but whoever you have as your techies really need sacked.

And these attacks are not common on well and properly configured websites/servers.

You should perhaps ask your IT guy to change his server's operating system.
Those problems happen quite often with servers using an OS coming from Redmond.
A rescue plan should also exist and communication should bettered in the future  for in case the server would shut down again.
But to be honnest my happiness now the forum is back is bigger than my disappointment when ot was down.

i emailed the chesspub admin and got a reply saying the server was hacked and they were trying to restore it. That satisfied me somewhat, but i think in future the chesspub admin should take the initiative to send an email to all subscribers informing them of what happened.
(tony please keep the email addresses of all subscribers somewhere safe!!)

Point taken, but it sounds like you need some new IT guys.

Something's not right here. A web-based business simply disappears for over a week, without so much as a 'site under construction - come back later'. That's absolutely shambolic, and subscribers deserve a lot better.

I've never seen a commercial site suffering such an outage. And when the thing gets back up, nary an explanation. If thats the way customers are being treated, I decline to renew.