webfact Posted April 2, 2012

The Phuket Gazette's Facebook page at http://www.facebook....uketGazette.net is showing the following message this morning.

Dear Reader,

We regret to have to inform you that aftershocks from last week's attack on our website resulted in intermittent slowdowns and disruptions of service over the weekend. While the site continues stable and the attacker has no access to it, we decided late yesterday to shut it down ourselves to enable system updates.

We expect the site to be on and off over the next two to three days, during which please bear with us so that we can be back to you with a Gazette Online that is far faster than the one you've known and helped to make so successful over the past 15 years.

Best regards,
The Webmaster
Phuket Gazette

Ricci Posted April 2, 2012

uhm ... attacked ... and me dummy thought it was poor maintenance

Kan Win Posted April 3, 2012

And me thinking it was an April Fools' joke

RedCardinal Posted April 4, 2012

Here's the email they sent to registered users:

Dear Gazetteer,

We regret to have to advise you that your Gazetteer record (for registered Gazette Online members) with us may have been hacked. If so, we can assure you that no financial, credit card, or payment information of any kind is stored on Gazette servers and that you therefore have no financial risk. However, in the unlikely event that your Gazetteer password with us is used for any financial accounts, we would suggest that you now change it.

Last night's attack was stopped at 2am and all Gazetteer accounts are now wholly secure.

Some of the passwords in our Gazetteer database have not been changed for 15 years. If you have not changed yours for more than a couple of years, we would suggest that you now do so – even if you have no reason to suspect that your account has been hacked.

One way to know that your record may have been hacked is multiple emails, purporting to be from the Gazette, regarding the posting of two or three news stories on line. If you've received more than one email for any story, then it is possible that your record has been hacked.

Advertising accounts (both classified and commercial), Adpower accounts, Gazette Guide listings, Newspaper and Digital Gazette subscriptions, Charge Accounts and Events Listings were not in any way exposed to hacking and all user information in those accounts remains intact.

We would like to assure you that we have taken appropriate measures to strengthen the security of our site where it may have been exposed, including the installation of what many consider to be the 'annoying' Google Captcha human verification system.

This means that users wishing to do the following from or in our website:
– 'Send an email to a friend'
– 'Send a letter to the editor'
– 'Comment' on a story in our forum, or
– 'Contact us'
will from now on need to verify that they are 'human' by entering a string of difficult-to-read characters before proceeding. However, given the trade-off of a minor inconvenience for enhanced security, we trust you will agree that the latter is paramount.

If your Gazetteer record was hacked we are most regretful about it and apologise for the inconvenience.

Dean Noble
Webmaster
Phuket Gazette

Basically if you have an account there your password and email was compromised and you need to update. If you use that password elsewhere you need to change that also to be safe.

The original thread included these details but has been closed to be replaced by the current thread instead: http://www.thaivisa....gazette-hacked/

stevenl Posted April 4, 2012

"Basically if you have an account there your password and email was compromised and you need to update."

That is not what it says in the mail you quoted: "Advertising accounts (both classified and commercial), Adpower accounts, Gazette Guide listings, Newspaper and Digital Gazette subscriptions, Charge Accounts and Events Listings were not in any way exposed to hacking and all user information in those accounts remains intact."

steelepulse Posted April 4, 2012

Gazette's site is down.

>>Dear Reader, We regret to have to inform you that aftershocks from last week's attack on our website resulted in intermittent slowdowns and disruptions of service over the weekend. While the site continues stable and the attacker has no access to it, we decided late yesterday to shut it down ourselves to enable system updates. We expect the site to be on and off over the next two to three days, during which please bear with us so that we can be back to you with a Gazette Online that is far faster than the one you've known and helped to make so successful over the past 15 years. Best regards, The Webmaster Phuket Gazette April 2, 2012

robertob Posted April 6, 2012

It is obviously a SQL injection. Strange that they don't have a back up. They should have restored it by now. Poor web management and security for a gazette website. Obviously their web team don't know what they are doing.

manarak Posted April 6, 2012

"It is obviously a SQL injection. Strange that they don't have a back up. They should have restored it by now. Poor web management and security for a gazette website. Obviously their web team don't know what they are doing."

That's easy to say. Everybody is helpless against zero day exploits. Also, their email shows they likely have a backup, but they don't want to put the database back online until the security has been patched.

That being said, passwords should be one-way encrypted, for example using MD5, which makes it impossible for attackers to harvest passwords.

SamKong Posted April 7, 2012

it's getting fairly ridiculous now. one week on, yet no site online. pretty mickey mouse by anyone's calculation, is it not?

LivinginKata Posted April 8, 2012

Topic discussing another company's web site removed. Off the original topic.

Somtamnication Posted April 8, 2012

It does not take long to restore and strengthen the database, but this must be a case of criminal forensics taking their time investigating.

pistachios Posted April 10, 2012

We have there a serious candidate for the webmaster of the year award. Unbelievable. I don't know why phuketgazette hasn't hired a decent consultant, that's only a matter of hours to put back the site online.