I opened a ticket early this morning when I learned that all of my directories were hacked. Every directory was written with the hacker's index pages in every possible format - .htm, .html, .asp, .php, etc. I changed the password. A short while ago, after I've spent hours deleting these files and trying to restore the correct index files from my own backups since no one would respond to this ticket, the same thing is happening again with a different page. I have repeatedly asked for someone to call me, no one has. WHAT IS GOING ON? How can a hacker break into my site and disrupt it, twice in one day? Why is no one from discount asp willing to communicate with me and let me know what is taking place? Are they even looking into the problem? I have no clue. Is anyone else experiencing this? Is someone hacked into their servers and that is how they are able to delete and add files? Are steps being taken to protect our data? SOME ANSWERS PLEASE!!! Regards, WM Experience the Poconos - http://www.poconocommuter.com
We are investigating this incident as we have stated in all your prior support tickets. We understand your frustration and concern, but making these types of posts in the cummunity form does not help the investigation or speed it up. When we have more information we will let you know. DiscountASP.NET Post Edited (dasp) : 12/15/2004 7:44:05 PM GMT
No, that is incorrect I'm afraid. I opened the ticket up at 7:40am this morning, EST. I asked for a phone call. Yes, I was upset, and had a lot of questions as to how this could have happened. A simple phone call back to me would have gone far to help me understand what steps were being taken to address this issue. For over TWO HOURS I heard NOTHING. Unacceptable! I had to send a follow up note, and the response to that was pathetic: "Dear Sir, Your ticket has been escalated to our system administrator, they will get back to you later today." NO INFORMATION, NOTHING WAS STATED THAT WOULD GIVE ME ANY INDICATION ANYONE WAS LOOKING INTO THIS. I think it was around 3 hours after THAT when my site was hacked AGAIN. I had to send yet another note! The response this time was: "Sir, We are escalating this right away. I will personally bring this up to management to try to resolve this situation." After that I posted this message, thinking that maybe others were experiencing the same thing and that is why tech support was unable to get back to me in a timely manner. At this point I was extremely frustrated, had absolutely NO information from Discount ASP, and was reaching out to the community for the answers that frankly I should have had 5 hours earlier. I've asked every time for a simple phone call so I could talk to a human being and find out what was being done to resolve this. Why is it that I cannot get a phone call? I have to resort to posting here and sending multiple e-mails instead, when if you had only called me as I requested none of this would have been necessary. And the text of your e-mails not only didn't show me that anyone was working on this, it indicated the opposite since it had to be escalated twice! I've been with you now for about a year and a half and for an incident of this magnitude expected a lot more than I received. Your "scolding" reply here only adds insult to injury. If I had received any indication that this problem was being addressed, I would not have felt the need to posthere to begin with.
I should add that I am receiving support now, a tech has contacted me for more information, but this was after I posted the first message, maybe 5 and a half to 6 hours after I opened the ticket this morning.
We are still in the process of investigating this incident. Your earlier tickets were escalated to our system admin team and they are investigating. When we have more information we will let you know. DiscountASP.NET
Apparently the attack came through my use of a program called DUClassifieds. If anyone else is using it please read the response below. While I'm pleased this has been determined, I will repeat that in a crisis situation a little communication goes a long way. I understand that troubleshooting takes time, but being left in limbo with regards to the status of a ticket during this type of scenario is what disturbed me, I have no issues with how long it may take to figure the problem out. E-mail can be slow and frustrating, I strongly urge Discount ASP to consider some type of call back program, even if its just to calm the customer down and offer the current status. As a side note, I would suggest we create a security forum here and ask all the members to list any known hacking data that would be beneficial to the community. Who knows how many other products are out there that may open a hole into our websites? Lets share the data so that we can benefit and learn from each other's experiences. "Dear Sir, Our network security team has completed analysis on the intrusion. This is our findings. Your website uses an insecure software called DUClassified, this software has a security hole that allow uploading of random script. See http://www.security-corporation.com/advisories-026.html According to the log file, the hacker found your website by doing a simple search on Yahoo with Duclassified as keyword. See search string below http://search.yahoo.com/search?p=duclassified&sm=Yahoo%21+Search&toggle=1&ei=UTF-8&fr=FP-tab-web-t&b=71 Through this security hole, the hacker uploaded several defacement scripts, eg. http://poconocommuter.com/DUclassified40/images/h.asp onto your website. The hacker then made an HTTP call to the uploaded script which replaced all your index pages. We suggest you update or remove this application immediately to avoid further intrusion. Let us know if you have other questions."
