Tuna got hacked

That's our wonder department of homeland security for you

LOL - homeland security is suppose to protect small private businesses from website hackers? Do you want to nationalize our network infrastructure?

Anyway - glad Tuna is back up. I'd spent the $ on site security going forward instead of chasing down the guys in hindsight.

You need a minimum of $5000 of damages to have the feds be interested. They post their info because they hide behind foreign proxies which do not hold access records. You are SOL you wont recover anything or get prosecution on anything.

Since Tuna deals in AGD stuff, I'll bet it was a hit planned by the Gardners....or maybe I am just being silly

It is sad when people use their talents to harm instead of do good, and seriously, to a paintball site? Why not a something larger or more important (not that tunamart isn't, as I have spent hundreds of dollars on tuna's stuff)?

Its not their job to protect private websites...I just think it's DHS that is in charge of investigating hacking attempts because they were classified as national security issues.

For a while it was the secret service, then it was passed onto the FBI. I'm pretty sure after the PATRIOT act it went to DHS. I could be wrong though, it might depend on different factors.

I do know that people whose websites have been hacked rarely get any satisfaction from law enforcement. THere's thousands of these happening a day. Most of them are automated. This guy was probably scanning IP addresses, found a web server, checked it for known security holes and launched an automated attack.

It's illegal, but since most of these come from over seas it's almost impossible to track them down to prosecute.

You've got it all wrong, their job is to help create a police state where people are regularly searched and asked for "papers" without due cause.

Sorry Tuna. I hope you get everything working without any issues. I'll be sending you that package this week to work on.

Tuna don't waste your money on a partial incident response. $500 would only get the process started. And if you have brought the server back online, you have probably done irreparable damage to the evidence. Unless you yanked the drives and rebuilt the server on new drives, then you may have some stuff.

It's really not worth it in any case. Use it as a learning experience.

Some things to keep in mind:

Patch early and patch often. Regular patching gets you a lot of bang for the buck, so to speak. There is always a chance a patch will break something, but staying up to data on security patches should be a priority.

Probably the next best thing is to send the logs off the same server so if the web server is compromised, the log server has the log data safe.

If possible a restrictive firewall ruleset in front of the server is a good idea. Thing like not allowing anything other than tcp 80 and 443 in from the world. Also not allowing anything out (unless needed).

Beyond that you can start to spend real money for minimal gains. IDS, IPS, WebAppFW, audits, pen tests... They all have their place, but are not really worth it for a small site.


One major thing WRT recovery: make sure the server was rebuilt from scratch from trusted media. Make sure any user access stored in a database or flatfile has been checked for extra accounts. Make sure to change ALL passwords for all accounts on the system.

hmm seems to be this ahmadso is notorious for hacking websites i googled his name and found other sites he took down by hacking them the email is also verified to be 100% legit and working to.

Spent the last 4 nights browsing the mart.. over and over and over... You know, like those lost children in a toy store... Then bam... Eggs.

I thought Tuna was doing an upgrade or something...

Damn man, good luck with getting this sorted out... mostly cause I want to get lost again. :)

I have seen that same thing or very similar dozens of times on the internet. Its nothing specific to tunaman. They use programs that just search the internet for websites with weak spots, and hack them. I think the whole muslim extremist thing is just something the creators thought would create a big stir, expecting people to actually believe it. but ive seen this same thing for years now. happened to a counter strike forum I use to belong to, also happened to a racing forum I was on.

Whole point is to just cause people trouble.

happened to our 6th Fallschirmjaeger Oklahoma D-Day forum early this year.

Tuna is back! I am happy again

Thank you Dave Roselle of Roselle Communications. These guys work fast and very efficient. If anyone needs Hostiing Services for a great price and great service please check them out.

I can't imagine someone spending thier free time hacking websites, modern warfare is much more fun if you're just trying to blow off a few hours

Breaking the law is due cause. So much paranoia.