PokeBeach Hacked, Next Steps for the Site (opens in new tab)

(pokebeach.com)

29 pointsgabythenerd4y ago20 comments

20 comments

12 comments · 6 top-level

sova4y ago· 4 in thread

Wow that really sucks. I'm sorry this happened to you guys. Hopefully you've got a backup on a USB somewhere. If not, all the best with working on a brand-new site! =)

jszymborski4y ago

A mitigation for this sort of thing is for your production server (A) to only have very limited permissions to your backup site (B).

It's not a panacea, because hackers will be able to push arbitrary things, but you're greatly reducing your surface.

ev14y ago

This is a pokemon fansite that's old enough to drink that was just running on xenforo and wordpress. There probably is no "production vs staging" or immutability or ZFS snapshots, or large amounts of engineering going on.

1 more reply

nwilkens4y ago

Immutable S3 storage is another method that we deploy when backing up servers like this..

https://docs.aws.amazon.com/whitepapers/latest/aws-security-...

Further, we also use Veeam to backup Linux servers.. a high level read on how it works with immutable storage:

https://www.veeam.com/blog/v11-immutable-backup-storage.html

newnamenewface4y ago

Seems like all* you need is to have production be able to push a new backup with a cool off period of a non-negligible, not-too-long period.

*Please point out how wrong this is.

2 more replies

vmception4y ago· 1 in thread

So the only mistakes the hacker made was not waiting for the download to complete before trying to get greedy

The paypal switcheroo was dumb too

Andrex4y ago

Script kiddies haven't changed much in ~15 years. :)

ezoe4y ago· 1 in thread

>The team first reverse-engineered our backup script to delete all of our offsite backups.

I guess the permission should be one way. The production server can only push data to backup server, never to delete or overwrite anything even if it wanted to.

qeternity4y ago

Append only. This is the First Law of Backups.

squeaky-clean4y ago

Wow, pokemon cards as ransom, that's a new one for me. The post doesn't say how much later the message was sent, so it could possibly be a troll who noticed the website was missing data. But still that's quite a story. Sorry that happened to you guys.

personjerry4y ago

Perhaps archive.org can provide some of the missing articles?

endigma4y ago

what software introduced the vulnerability? it seems sorta odd to write an article about this and not warn others how to prevent it or document exactly what went wrong

j / k navigate · click thread line to collapse