Coming back from a hack, Letter from the Administrator

From September 15th to the 26th Ride Safe experienced a brutal and ultimately fatal brute force hack of our website.  Some time within the last 24 hours major portions of our database and wordpress architecture were drastically altered and then the FTP accounts deleted.

This resulted in a total corruption of the former version of Ride Safe.

This is the seventh time we have been hacked since launching Ride Safe.

Typically the previous attacks were simple to overcome.

This one however delivered a level a destruction to our database that was impossible for us to overcome.


Good news and bad news.


Bad news first:

1- We can not rebuild the ride safe website as it was.
It was subjected to massive content rescripting, malware inserts and backdoor drops through out it’s architecture.
The new site will be an entirely new wordpres install. 1and1 has given us 1 free database security card that I have already tied to this new install. This plus a new means of display and access along with a weekly clone backup of the site on physical drives will ensure this never happens again.

2- The senators and assembly reps in Wisconsin that were looking up the website for reports over this last week saw either malware or dead pages. This was essential to stopping a new legislative proposal that would have revived the same taxi deregulation laws that have destroyed taxi markets in Iowa, michigan and Texas by deregulating them and literally handing the entire market over to rideshares and falsified commercial carriers.

3- Rydehub, our public domain ride hail project was destroyed entirely. I will have to rebuild the app and the entire architecture from the ground up.

4- All membership information was pilfered entirely. However IP addys were not accessed. Needles to say, if you had an account on Ride Safe and you use the same passwords anywhere else, you better change your passwords ASAP.

5- All articles and pages were lost. They will have to be recovered from what samplings we can pull from the internet archive, our emails, pdf saves and anyone out there who took pdfs of the website.


The good news:

1- All uploaded content was saved. (pictures, recordings, ext)

2- All plate reports were saved.

3- The Stultz report, criminal incident report cards and industry comparison charts were saved.

4- All content uploaded to the front end file manager was saved.

5- All petition signatures were saved.


What caused this:

1- Having the site on open registration allowed several hundred scammer accounts to root. Though I had shut down open registration, I was still picking through thousands of accounts years after launching ride safe to delete inactive users.

2- INACTIVE ADMINS AND AUTHOR accounts left high access accounts open for exploitation by hackers.

3- Link adages to articles without filtering. From now on articles will have to be generated offsite if they are to contain external links.
Even the most legitimate news sources are starting to carry malware content in their links and it carries over to websites that source them.
Another means of curtailing this will be to take PDF captures of articles we source instead of externally linking to them.

Remember that net neutrality in the US is virtually dead now.

This means ISPs and large domains can do virtually what ever they want if they pay enough and distribution of damaging malware is high on the list of “anything” as it makes them additional money.

4- Our enemy is simply VERY powerful and has a lot of resources to do this again and again.
Thanks to Eileen Cruz we actually have better log IP and time log info on when and how these hacks were done.There is a good amount of data. It is showing so far that this was 60% mallware 40% targeted to shut us up. That 40% tipped the scales to this final result and eventually got to the FTP account (file system control) and deleted it after rewriting the main index for the entire site.

5- Bad plugins and poor security measures.
Months ago, I had to drop the monthly service fee on our server account because we simply did not have the money for it.



Be the first to comment on "Coming back from a hack, Letter from the Administrator"

Leave a comment