servers softlayer & onlinenic [twice] hacked over 8 week period advice
what a crazy 3 months
SOME OF WHAT I AM POSTING IS WITHIN A POST WHERE I REQUESTED ASSISTANCE WITH HOSTNAME/DOMAIN CHANGE. BUT I THOUGHT IT IMPORTANT ENOUGH TO PLACE A THOROUGH LOG OF EVENTS HERE.
I MUST STATE THAT NO PASSWORDS WERE STORED ON COMPUTERS, NONE WHERE EMAILED OR GIVEN OUT. I MAKE UP PASSWORDS ON A OFF LINE MACHINE THEN PLACE ON A THUMB DRIVE ON MY NECK.
THE ONLINENIC EVENTS ARE THE MOST IMPORTANT, I AM IN NEED OF RECOMMENDATIONS OF RESELLER PROGRAM FOR DOMAIN NAMES ... I USED BULKREGISTER IN 1990'S AND SINCE 2002 ONLINENIC.
I HAVE 18 YEARS OF HOSTING AND SERVER ADMIN UNDER MY BELT. [THANKS TO THIS FORUM]
ONLY 4 TIMES WERE WE EVER HACKED in 18years . THOSE WERE IN THE LATE 90'S AND 2003 AND WERE SINGULAR WHILE WE OPERATED 3 TO 5 MACHINES..
I USE ALL OF THE SECURITY PROGRAMS AVAILABLE FOR CPANEL / LINUX. I USE KEYS FOR ROOT/SHELL, ALL OTHERS ARE LOCKED OUT.
PASSWORDS ARE INTENTIONALLY DIFFICULT LIKE:
un^WN<[b>L4c3t(Hsem=FzC$7+hwV>
WE NEED TO MOVE OUR APP 70 DOMAINS OFF ONLINENIC ANY INFO CONCERNING "A LIKE EXPERIENCE" WOULD BE APPRECIATED.
any questions or answers as to the freak of 3 separate hacks would be appreciated. we have clear wireless internet at the studio. and hard link at the house.
even though we have not offered opportunity as to passwords,
we use Clear Wire at studio. it is not encrypted.the iother night i was alone at studio working on a rolex. i lleft at 11pm. there was a person with a lap top in the parking lot/ no one else. when i looked t him he left..
we have a wireless network, but machines are hardwired into router.
events
1- Oct 15 2013 two servers WERE hit. deletion of all accounts FROM WEBHOSTMGR
these were surely full secured with everything but a pit bull,
2- restored from scratch installed security, cxs, csf, modsec, every thing that can be accomplished. off site backups installed took 3 weeks to get back to normal,,,
3- theY then hit softlayer, DEC , gained access to our account and placed a request for profile up date !!! with request to change passwords on our servers to":iloveyou#er"
Imagine, from hardcore 20 digit passwords to I LOVE YOU. softlayer went and changed the profile and server passwords. lucky they could not gain ROOT access due to keys for root AND THE FACT I CAUGHT IT LIKE MIDWAY FAST.
I was upset when i read the ticket these hackers placed, because we have 800 # and I requested no profile changes without call, on the ticket softlayer said they were going to call .. they did not
4- they then hit online nic. it took almost a week before --after providing every email from onlinenic since 2002 and license and a ton of "stuff" -- they sent new pass.
i logged in, all was fine except they bought three domains with my balance money. I changed passwords in SSL. I
then placed pass on my thumb drive around my neck. no emails, no writing down, no giving them out!f
5 full server checks, file checks, sweeps on all directories and accounts.. breathing fresh air.
though it took 1 1/2 weeks to check and monitor -
we had now lost close to 6 weeks of income. i could not restore vintage watches while working on servers and re formatting over 90 gigs of data representing 15 yeas online
6- December 24th, I am happy, taking a week off. arrive home from studio, login to domain.com.. no site just.. redirection! try domain2.com redirection, try domain3.com redirection. [actual name of ns was ms.domain4.com] logged into main server name domain5.org, redirected. domain6.com redirected.
so, I use IP to gain access to webhostmgr. IP also pulls pages and sites. use key for root shell, nothing altered
I then whois and find domain7.org has been re-registered that day,
I begin contacting onlinenic. I opened ticket, reminding them of break in several weeks prior. Dec 24th Dec 25th Dec 26th Dec 27th over 40 tickets chats tickets chats. I say- can you at least restore the names servers that had been altered?
finally, on the 27th through chat they asked what ns. I say domain7.org ns and ns2, they say you do not own the domain.
I then send all the emails for 12 years. I send the last update on Sept 9 2013 for the domain renewal through our account. i was having heart attacks because we are losing money, with 35000 pics of my works off line, ebay no pics and my time trying to get into onlinenic account..
finally, they sent a pass but the domain was hijacked so pass was going to hackers
so they reset and placed it in chat window
I gained access pulled the records for payment in olinenic. I then sent a ticket with proof once more and with the question how did anyone hack the account when the pass was never sent given exposed and was a 20 character difficult pass? I questioned whether it was internal.
an hour later the domain domain7.org was back
this is after I set up secure.domain5.com, set up and registered name servers , and hand updated 62 domains as well as SSL and everything you have to do to change the server domain and name.
for any of you out there. we used bulkregister back when, online nic since 2002.
with two "break ins " in 6 weeks or so. -- I am telling you the passwords were set in ssl on onlinenic.and were not recorded but on an off line computer directly to a thumb drive that I wear even in the VA hospital!
we need to find a good domain name reseller program we can transfer our 70 domain names to.
please advise if you have an answer. I am freaking out. two "break ins" ? this last time 4 days we sat freaking out losing money and worrying ,, without access, we could not pin it down. changes made did not show right away. so it was checking servers and pleading for access
thanks in advance
rock
