Please Note: Message From Phuket Gazette Webmaster


Posted

The Phuket Gazette's Facebook page at http://www.facebook....uketGazette.net is showing the following message this morning.

Dear Reader,

We regret to have to inform you that aftershocks from last week's attack on our website resulted in intermittent slowdowns and disruptions of service over the weekend. While the site continues stable and the attacker has no access to it, we decided late yesterday to shut it down ourselves to enable system updates. We expect the site to be on and off over the next two to three days, during which please bear with us so that we can be back to you with a Gazette Online that is far faster than the one you've known and helped to make so successful over the past 15 years.

Best regards,

The Webmaster

Phuket Gazette

Posted

Here's the email they sent to registered users:

Dear Gazetteer,

We regret to have to advise you that your Gazetteer record (for registered Gazette Online members) with us may have been hacked. If so, we can assure you that no financial, credit card, or payment information of any kind is stored on Gazette servers and that you therefore have no financial risk. However, in the unlikely event that your Gazetteer password with us is used for any financial accounts, we would suggest that you now change it.

Last night's attack was stopped at 2am and all Gazetteer accounts are now wholly secure.

Some of the passwords in our Gazetteer database have not been changed for 15 years. If you have not changed yours for more than a couple of years, we would suggest that you now do so – even if you have no reason to suspect that your account has been hacked.

One way to know that your record may have been hacked is multiple emails, purporting to be from the Gazette, regarding the posting of two or three news stories on line. If you've received more than one email for any story, then it is possible that your record has been hacked.

Advertising accounts (both classified and commercial), Adpower accounts, Gazette Guide listings, Newspaper and Digital Gazette subscriptions, Charge Accounts and Events Listings were not in any way exposed to hacking and all user information in those accounts remains intact.

We would like to assure you that we have taken appropriate measures to strengthen the security of our site where it may have been exposed, including the installation of what many consider to be the 'annoying' Google Captcha human verification system. This means that users wishing to do the following from or in our website:

– 'Send an email to a friend'

– 'Send a letter to the editor'

– 'Comment' on a story in our forum, or

– 'Contact us'

will from now on need to verify that they are 'human' by entering a string of difficult-to-read characters before proceeding. However, given the trade-off of a minor inconvenience for enhanced security, we trust you will agree that the latter is paramount.

If your Gazetteer record was hacked we are most regretful about it and apologise for the inconvenience.

Dean Noble

Webmaster

Phuket Gazette

Basically if you have an account there your password and email was compromised and you need to update. If you use that password elsewhere you need to change that also to be safe.

The original thread included these details but has been closed to be replaced by the current thread instead:

http://www.thaivisa....gazette-hacked/

Posted

"Basically if you have an account there your password and email was compromised and you need to update."

That is not what it says in the mail you quoted:

"Advertising accounts (both classified and commercial), Adpower accounts, Gazette Guide listings, Newspaper and Digital Gazette subscriptions, Charge Accounts and Events Listings were not in any way exposed to hacking and all user information in those accounts remains intact."

Posted

Gazette's site is down.

>>Dear Reader,

We regret to have to inform you that aftershocks from last week's attack on our website resulted in intermittent slowdowns and disruptions of service over the weekend. While the site continues stable and the attacker has no access to it, we decided late yesterday to shut it down ourselves to enable system updates. We expect the site to be on and off over the next two to three days, during which please bear with us so that we can be back to you with a Gazette Online that is far faster than the one you've known and helped to make so successful over the past 15 years.

Best regards,

The Webmaster

Phuket Gazette

April 2, 2012

Posted

It is obviously a SQL injection. Strange that they don't have a back up. They should have restored it by now. Poor web management and security for a gazette website. Obviously their web team don't know what they are doing.

Posted

"It is obviously a SQL injection. Strange that they don't have a back up. They should have restored it by now. Poor web management and security for a gazette website. Obviously their web team don't know what they are doing."

That's easy to say.

Everybody is helpless against zero day exploits.

Also, their email shows they likely have a backup, but they don't want to put the database back online until the security has been patched.

That being said, passwords should be one-way encrypted, for example using MD5, which makes it impossible for attackers to harvest passwords.
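Added example, not part of the thread: one-way password storage as raised in the post above, comparing an unsalted MD5 digest (identical for identical passwords, so a leaked table can be matched against precomputed digests) with a per-user salted, iterated hash. The user names, passwords, record format and iteration count are constructed assumptions, and PBKDF2-HMAC-SHA256 is one choice of slow hash.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware

# Constructed sample accounts: alice and bob reuse the same password.
SAMPLE_USERS = {"alice": "Phuket2012", "bob": "Phuket2012", "carol": "s3parate!"}


def md5_record(password):
    """Unsalted fast digest: equal passwords always give equal records."""
    return hashlib.md5(password.encode()).hexdigest()


def kdf_record(password):
    """Per-user random salt plus slow KDF, stored as algo$iters$salt$hash."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def shared_groups(table):
    """Audit a credential table: users whose stored values are identical."""
    by_value = defaultdict(list)
    for user, value in table.items():
        by_value[value].append(user)
    return sorted(sorted(g) for g in by_value.values() if len(g) > 1)


if __name__ == "__main__":
    md5_table = {u: md5_record(p) for u, p in SAMPLE_USERS.items()}
    kdf_table = {u: kdf_record(p) for u, p in SAMPLE_USERS.items()}
    print("identical MD5 records:", shared_groups(md5_table))
    print("identical KDF records:", shared_groups(kdf_table))
    print("login check:", verify("Phuket2012", kdf_table["alice"]))
```
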

Posted

We have there a serious candidate for the webmaster of the year award. Unbelievable :D

I don't know why phuketgazette hasn't hired a decent consultant, that's only a matter of hours to put back the site online.

  • Like 1
