Date: Wed, 4 Feb 2004 22:48:46 -0500 (EST) From: "Keith F. Lynch" <kfl at KeithLynch.net> To: WSFA members <WSFAlist at KeithLynch.net> Subject: [WSFA] Re: WSFA web site up again Reply-To: WSFA members <WSFAlist at keithlynch.net> Ron Kean wrote: > It seems unlikely that a prankster caused the problem; more likely > it was a mistake. A prankster would more typically deface the site, > or alter or delete content subtly. And how would he be able to do that? By making a lucky guess at the password? > I would think it would be standard procedure to verify the > legitimacy of telephoned requests by asking for a passphrase > associated with the account for that purpose, but apparently > the hosting service is not doing that. Evidently not. They didn't do anything to ensure that I was who I claimed to be when I asked them to turn it back on. Of course if I was simply pointing out that it was broken, there'd be no reason to. But how do they know that it wasn't the *real* Keith Lynch who asked them to close the account, and a prankster who asked them to reopen it? It's happened to me before. A prankster claiming to be me closed my clark.net account. (In retrospect I should have left it closed, as the service went downhill shortly after that.) I recently read, in the RISKS digest: Date: Mon, 26 Jan 2004 21:55:32 -0700 From: "Terry A. Ward" <terrywa at elp.rr.com> Subject: [WSFA] "Loss of Identity" theft I was recently the executor of a relative's estate and was shocked to discover that I was able to cancel his private health insurance, his veteran's health benefits, one dozen credit cards, and all of his retirement direct deposit payments with simple phone calls. At no time did anyone ask me to prove that I was who I said I was or whether I had executor power over his estate. I simply presented a plausible sounding story, knew his social security number and his account numbers and was able to close his accounts over the phone. To make it even more interesting our last names are not even the same! > Also, the webmaster should be able to edit the website directly > via its control interface, using a passsword. Thus it should be > possible, once the account is restored, to fix the duplicate files > problem that way. Right. But since it's NT rather than Unix, this would entail copying each file, one at a time, twice each. There are thousands of files, so this would have taken me most of a day. > But the hosting service did offer an explanation of sorts (somthing > about 'migrating'), which further suggests the problem was not > malicious. No, "migrating" was the reason why it wasn't restored right. I'm skeptical, since the IP address and traceroute are unchanged, and since what appeared to change was the directory, not the machine. And, as I said, they botched it, in the sense that there are now two copies of everything. Since they might realize their mistake and repeat the "migration" without consulting us, I guess I had better make any updates to both copies. They claimed the reason it had been down in the first place was because we had asked that the account be closed. If this wasn't a prankster, then probably what happened is some *other* customer asked that *their* account be closed, and hosting.com confused them with us. > Perhaps one lesson to be drawn from this is that the website should > be checked periodically. I do check it every day, except when I'm out of town. For the next few weeks, I'll check it more often. "Michael Walsh" <MJW at mail.press.jhu.edu> wrote: > So . . . to return to a discussion at WSFA . . . would a change of > providers (say to Panix as Keith mentioned) make this less likely > to happen? I think a change to Panix would make it less likely. A change to some other provider might make it *more* likely. That's why I haven't been comparison shopping. I know there are some really cheap hosting companies out there. But you get what you pay for. "Barry L. Newton" <bnewton at ashcomp.com> wrote: > I wouldn't be inclined to jump at the first sign of incompetence, > having made any number of embarrassing blunders of my own. But > by about the third, I'd be willing to concede that a pattern was > emerging, and it might be time to leave. Or, should incident #2 > be catastrophic. It has happened before, most recently twice in April 2002. Of course that may be one or two acquisitions ago. (We started out on mai.net, which was sold to some other company, etc.) That's not counting any short downtimes which may have escaped my notice. I'll scan the logs for any hour in the past two years in which we got no hits at all. We're a popular enough site that that should *never* happen unless the site was down. Of course you have to expect *some* downtime. Sites with guaranteed 99.9999% uptime are available, but we can't afford them. (Well, these days we probably could, but there are probably better uses for the money. (Did you know that people who hosted Fifth Fridays used to be reimbursed?)) -- Keith F. Lynch - kfl at keithlynch.net - http://keithlynch.net/ I always welcome replies to my e-mail, postings, and web pages, but unsolicited bulk e-mail (spam) is not acceptable. Please do not send me HTML, "rich text," or attachments, as all such email is discarded unread.