February 3, 2004 - TDR servers offline/security

[Steve St.Laurent]

At approximately 5:00 p. m. this afternoon, one of the TDR servers was hacked into. To avoid damage, we immediately pulled our equipment offline and contacted our security consultant to assist in managing this problem. Within two hours, we were able to bring our servers back online.



It is important for users to know that no personal information is stored on our web servers. No addresses, no telephone numbers, no payment information, etc. Personal data on the TDR servers is that which is loaded by the individual TDR user. Note: this security protocol is why it can take 24 - 48 hours for new users to be granted access to the member exclusive areas of the TDR website. This decision was made when the servers were purchased to insure a very high level of security for TDR member information.



We will be monitoring the situation closely and will do everything in our power to stay on top of the situation. We apologize for any inconvenience our bringing the servers offline may have caused today.



Robin Patton

TDR Administrator



Steve St. Laurent

Webmaster

 

[Steve St.Laurent]

I will be watching everything closely. We think we have locked everything up as tight as possible for now. If anything else happens I will take the site offline immediately as we did today, so if the site is not available all of a sudden you will know why. I haven't had a chance to go through all of the log files to trace exactly how he got in but I will be doing that tonight. If you see ANYTHING out of the ordinary please email me right away at -- email address removed -- so I can check it out ASAP. It's gonna be a long night . . . .



-Steve St. Laurent

Webmaster

 

[XcumminsX]

Steve,

Thank you for working so hard and getting the site back up. Hopefully there wont be anymore problems.



Thank you



Nick

 

[PHX ATC]

Rock on my brother. It's guys like you that make this site kick you know what!

 

[klenger]

Thanks Steve. When I saw the message last night about the hack, I knew you would be working on it with the utmost care.

 

[socal_rattler]

Steve, for those of us that run corporate web sites, I would be interested in knowing what you find out about how they got in... . for future reference.



Thanks.

 

[dseabaugh]

So what is the hackers IP address? I think he should get a visit for a little attitude adjustment.

 

[Dkevdog]

I'm guessing Steve is runing on fumes, having been up all night.



Either way, Thanks for your hard work!



Kev

 

[banzaitoyota]

thanks

 

[jcarew]

Hi I,m sorry to hear of your troubles with people hacking at this site, I am not proficient at computers simply enjoy the fruit of your labors, diesels RV,s travel, I hope the misguided individuals find something else to amuse themselves, an leave this site alone. Good Luck Thanks

 

[Jengle]

I hope you caught the SOB responsible for this. Too bad you can't send a return pulse of 240V back down the line to ignite his network card and deprive him of future use of his pc, since it's obvious he doesn't know what the proper use of it is.

 

[onestackdram]

As always steve you are right on top of everything. I just wanted to let you know that your work is extremely appreciated.



Russell

 

[WyattEarp]

I agree with dseabaugh about the IP address, Im off from work tomorrow, need to get rid of some frustration anyways.

 

[Steve St.Laurent]

These attacks didn't even come from his machine guys. This was not your garden variety hacker we were dealing with here. Nothing came from his machine at all - he was doing everything remotely from other people systems he infected with his bots. Go to http://www.grc.com/dos/drdos.htm and read about what a distributed denial of service attack is and you'll understand better. It would cost us a TON of money - possibly into 5 and 6 figures just to trace it to him. On top of that he hasn't even committed a crime because he'd have to do $5,000 in damages before it's considered a crime. We're just glad he went away and hope it stays that way.