Printable Version of Topic

Posted by: LS Support Feb 16 2014, 05:11 PM

as seems common over the past 16 years, the site has been hacked. unfortunately, this could spell trouble for the future existence of the website since the host will likely pull the plug if it happens again. please realize this site is a very important part of my existence. i will do what i can but mean people always seem to win. if we go down again, all i can say is keep checking.

Posted by: LS Support Feb 16 2014, 06:51 PM

i also needed to adjust some settings to help secure the site more. the one you will notice most is your visit will now time out in a shorter period of time. you will need to login daily, we'll see how it goes for a while.

Posted by: LS Support Dec 5 2014, 04:38 PM

well it looks like we are getting hacked again (denial of service DoS) from china, russia and other fun places. the forum board is back up now for the time being. i do not expect other shutdowns but these things generally do not go away on their own. which means at some point we may be down again for a little while or a long while. fingers crossed, don't know why hackers would want to hurt a site like L-S.

p.s. this problem will not affect you or your computer personally, other than causing a nuisance logging in when the site goes down.

Posted by: Jon730 Dec 29 2014, 04:17 PM

Most individual sites, including my business and personal sites used shared hosting space on a server drive. There could be hundreds, even thousands of sites on one server. So you (we) were sharing space on sites of interest- like small businesses with credit card payment gateways, or political sites that act like lightning rods, or gaming sites that attract l33t hackers.
We are of no consequence, and are mere collateral damage, like civilians in a combat zone. It's rarely personal.
I had a hack attempt on one of my commercial sites.
As I said to my hosting company
"We know where the servers are where they sell stolen credit card numbers.
We have cruise missiles.
WHAT'S THE PROBLEM!!???"

Posted by: LS Support Dec 30 2014, 01:59 AM

I agree, and this forum's older software may even provide entry points. I've tried to lock it down best I can but you know how that goes.

Posted by: Jon730 Jan 17 2015, 07:39 AM

The attack I had was a "Brute force" attack, sending millions of password guesses. This spiked the server load, and I got an automatic notification from my hosting company. We are on a business/enterprise class commercial server.

Here is what my hosting company did.
They put a Bot Crawl Delay on my server. After so many hits, it puts in a delay of 3 seconds or more. Now, a malicious bot that was hitting the serve maybe hundreds of times a second, was S L O W E D to a crawl, and finally gives up and disconnects- Or even better, sits there wasting its time and not attacking other sites.

You are not a commercial site selling anything. You do not NEED SEO. You do not need Google et al hammering your site either.

Think of it this way. A fast talking pushy salesman is at your door. Suppose you forced him to count to ten in between every word he said.

How long would he stick around?

Posted by: LS Support Jan 17 2015, 02:50 PM

all good points, i'll pass this by the host to see what they say. i share the server with 8 other accounts, most of which are pretty small. you would think the host would do this on their own.