About 3:45 this afternoon I got an automatic message that there was a new post on the forum – and it included the text. It was clearly an attack, so I took immediate action to both remove the post and the poster. The irony, of course, is that I review each account before allowing people in – and this poster took the time to complete the information. I had a suspicious feeling, but went ahead and approved the account anyway.

We’ll call that the First Lesson Learned: trust your instincts

Well, I didn’t get to the board in time, and the hack was successful; we’re currently working now to cordon off the forums and are assessing the damage to the system. However, as we’re walking through the server, we’re noticing several mistakes that I/we have made in hardening our server.

So I have confirmed that even the slightest mistake or oversight allows an attacker with time and patience the opportunity to strike. I’m flattered that someone thought the work we are doing to be worth investing the time to manually subscribe to the board, pose as a legitimate user and then execute an attack against our forum software.

So what now?

Well, we’re completing our damage assessment. To be honest, we have no clue if anyone has direct access to the server or if this was an attack on the software only. Clearly, we’ll take the forums down for a few days. It’s upsetting since we were just picking up speed; during that time, we’ll be assessing the situation and determining if we continue with the Invision software or move to a different platform. Ideas, comments and suggestions are certainly welcome.

To be on the safe side, we consider the current server to be a total loss. We do make regular backups and will be securing and transitioning to a different server over the coming days… and maybe a bit longer. As usual, this never happens at a “good” time, but it points out that even security people are vulnerable. And the depth of information required to be good across the board is deeper than an inch 😉

So, I’ll take notes on our actions and lessons learned and share them with you. I may wait a bit, document it, reflect on it, and then package it up to share. In the meantime, I have learned that nobody is perfect and now it’s time to learn some new aspects of server hardening.

About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.

