4,800 DistributeIT sites “unrecoverable”


Beleaguered domain name seller and web hosting group DistributeIT today informed customers who had sites hosted on a number of its servers that their sites and emails were now considered “unrecoverable”, as fallout continued to rain down from a disastrous hack on the company’s infrastructure over the past several weeks.

In a blog post updating customers about the hack, the company said the affected servers were named ‘Drought’, ‘Hurricane’, ‘Blizzard’ and ‘Cyclone’.

“While every effort will be made to continue to gain access to the lost information from those hosting servers, it seems unlikely that any usable data can be salvaged from these platforms,” the company wrote. “In assessing the situation, our greatest fears have been confirmed that not only was the production data erased during the attack, but also key backups, snapshots and other information that would allow us to reconstruct these servers from the remaining data.”

The company further advised customers that it no longer had sufficient resources within its web hosting platform to transfer the 4,800 affected domain names and accounts that were using the shared servers.

“This leaves us little choice but to assist you in any way possible to transfer your hosting and email needs to other hosting providers,” the company wrote, thanking those “loyal customers” who had stuck by it over the period. “Much soul-searching and thought has gone into taking this course of action, but at this time we cannot see any alternatives for the affected servers.”

The news is the latest impact of a hack attack on DistributeIT’s servers which the company has stated took place on June 11. It has labelled the attack “a deliberate attempt to take down the DistributeIT business” rather than an attempt at stealing data, with the attackers setting out to do as much damage as possible to the company’s systems.

“The attack was very swift, precise and lasted only a short duration and was targeted towards destroying drive header files, therefore maximising the impact in the short time they had before our engineers shut down the network,” the company wrote last week.

The company is understood to have a number of resellers located throughout Australia who have also been affected by the hack.

DistributeIT itself appears to be using publicly available hosting and communications infrastructure — Google’s Blogger platform and Gmail email platform — to communicate with customers over the issue. An extensive thread on the broadband forum Whirlpool has so far garnered 68 pages’ worth of complaints and discussion about the issue.

Image credit: US Government, Creative Commons

15 COMMENTS

  1. Oops-a-days…

    …while I’ve never had any problems with my hosting provider, I regularly run a remote script that bundles everything up – (files, SQL, everything) – into a tarball that then gets downloaded to my server at home, and copied onto my desktop machine, and laptop.

    Three automatic copies of everything. Once a month I burn a copy onto DVD and leave it in my drawer at work.

    That said, these guys need to be – (and will be) – shot to death in court by many customers.

    “ShortlyToBeExtinctIT”

  2. Appalling how the complete lack of any standards applied to backup, or disaster recovery has been made. Forget the recovery part of the disaster recovery, they really should not be in business. The reputation hit has got to be fatal.

    • I dunno, this sounds like the sort of targeted attack that really tried hard to destroy everything. Having said that …. there perhaps should have been off-site tape backup, at least, from a month or so ago.

      • @Renai – why is it not cloud if you are talking server names?

        Without knowing the architecture, a server name can be anycast with hundreds of instances distributed globally, or (and) resolve to multiple IPs in DNS:

        $ dig google.com A

        ;; ANSWER SECTION:
        google.com. 171 IN A 64.233.183.106
        google.com. 171 IN A 64.233.183.147
        google.com. 171 IN A 64.233.183.99
        google.com. 171 IN A 64.233.183.103
        google.com. 171 IN A 64.233.183.104
        google.com. 171 IN A 64.233.183.105

  3. Playing devil’s advocate here, without knowing their terms in particular, I’ve seen enough hosting contracts to know they frequently don’t include backup at all. The hosting company is responsible for hosting, data always belongs to its owners. It sounds very much like they had adequately protected against operational corruptions and the usual hardware failures.

    It would not surprise me at all if the lawsuits, which will no doubt come, focus on their failure to secure the environment, NOT their failure to backup the data.

    Of course it’s possible that even a half assed backup strategy might have saved the company from the total destruction that now seems imminent.

  4. I use DIT for my domain name purchases; I don’t have shared hosting with them.
    Distribute IT are great to work with and have never given me any grief.
    I am sure that the security associated with their hosting would have been industry standard which makes this attack all the more disconcerting for all hosting providers as this could happen to any one of them.
    This is a malicious attack that scares the bejeebies out of me and many people I am sure.
    The backup policies of all hosting providers will be a priority because of this attack.
    Give DIT some space to grieve cos this is a massive blow to the company.

    I hope there is a way to find the culprits, all providers and clients should get behind DIT at this time.

    • “I am sure that the security associated with their hosting would have been industry standard”

      That’s not even the issue. There is no such thing as 100% security, and hacking is only one of several risks faced by an online business. That is why offline and off-site backups are crucial – absolutely anything which is online can be destroyed, and that’s not even taking into account physical threats (eg theft of servers, data centre burns down). The lack of a robust backup/DR procedure is what killed this company, NOT the hackers.

      The above commenters are correct in that the customers also have a responsibility to protect their data; I certainly make sure I have my own backups of my web sites, even though my provider claims to perform nightly backups. But that won’t save DistributeIT.

  5. If you are the owner of a website and have lost it all because you didn’t bother to do backups of your own data and just assumed that the web hosting company would do that for you, then you need to take a good long hard look at yourself before blaming others.

    I hate to speculate, but this just stinks to high hell of a disgruntled ex-employee. I realise that the website was defaced and claimed to be the work of a foreign hacker, but this could just be someone local trying to throw investigators off the trail.
