On the 000webhost breach: self-protection when using free hosting

Posted by Anonymous on 2015-11-04


The news that 000webhost had been hacked first reached me through a friend's comment on this blog; my first reaction was disbelief. Then I saw the reports on FreeBuf and v2ex about the 000webhost database being dumped, which basically confirmed that the breach was real. 000webhost has now confirmed the incident both on its Facebook page and on its official site.

Any hosting provider can become a target for attackers, but what shocked me about the 000webhost breach is this: 13.5 million plaintext passwords were leaked. The exposed user data includes usernames, plaintext passwords, email addresses, IP addresses and users' real surnames, which means that anyone who ever registered an account with 000webhost may have had their information leaked.

When the NetEase Mail "problem" was reported a while ago, I paid little attention, since the mailboxes I use now are all Gmail and, given Google's capabilities, I am fairly comfortable with how it protects data. The 000webhost breach, however, worries me a great deal, because my site-building journey started on 000webhost.

The very first post on this blog was about 000webhost. I was still a student when I set up the site and had no spare money for paid hosting, and 000webhost had already made a "name" for itself in the free-hosting "circle", so I built the blog there. When registering, I used my usual email address, username and password.


The leak of 13.5 million plaintext 000webhost passwords is frightening for those of us who once used its hosting. A kind friend left a comment on this blog saying it was worth reminding everyone, and that is true: many webmasters started out on free hosting. If the email address you currently use for your domain and hosting is the same one you used at 000webhost, I strongly recommend changing it right away!


Protecting domain and hosting security: self-protection lessons for free-hosting users from the 000webhost breach

I. The 000webhost breach

1. 000webhost is one of the best-known free hosting providers; many people have applied for an account there, and this blog itself has covered applying for and using 000webhost more than once: "Successfully applying for free 000webhost PHP hosting" and "Observations on changes at the long-running free host 000webhost".

2. 000webhost has now forcibly reset all users' passwords and disabled FTP ("As all the passwords have been changed to random values"). Opening the official site now shows the notice: "We have witnessed a database breach on our main server".


3. Click [Read More] to see the official explanation of the incident.


4. The full text of the official statement in English follows.

What happened? (000webhost hacked)

A hacker used an exploit in an old PHP version, that we were using on 000webhost website, in order to gain Access to our systems. Data that has been stolen includes usernames, passwords, email addresses, IP addresses and names.

Although the whole database has been compromised, we are mostly concerned about the 000webhost leaked client information.

What did we do about it?

We have been aware of this issue since 27th of October and our team started to troubleshoot and resolve this issue the same day, immediately after becoming aware of this issue.

In an effort to protect our users we have temporarily blocked access to systems affected by this security flaw. We will re-enable access to the affected systems after an investigation and once all security issues have been resolved. Affected systems include our website and our members area. Additionally we have temporarily blocked FTP access, as FTP passwords have been dumped as well.

We reset all users' passwords in our systems and increased the level of encryption to prevent such issues in the future.

We are still working around the clock to identify and eliminate all security flaws. We will get back to providing the free service soon. We are also updating and patching our systems.

What do you need to do?

As all the passwords have been changed to random values, you now need to reset them when the service goes live again.

DO NOT USE YOUR PREVIOUS PASSWORD.

PLEASE ALSO CHANGE YOUR PASSWORDS IF YOU USED THE SAME PASSWORD FOR OTHER SERVICES.

We also recommend that you use Two Factor Authentication (TFA) and a different password for every service whenever possible. We can recommend the Authy authenticator app and the LastPass password manager.

We are sorry

At 000webhost we are committed to protect user information and our systems. We are sorry and sincerely apologize we didn't manage to live up to that.

At 000webhost our top priority remains the same - to provide free quality web hosting for everyone. The 000webhost community is a big family, exploring and using the possibilities of the internet together.

Our leadership team will closely monitor this issue and will do everything possible to earn your trust every day.

Sincerely,

000webhost CEO,

Arnas Stuopelis

5. 000webhost has now closed new user registration; when it will reopen is unknown.
