Newspaper site pulls plug after 'sustained' hack attack
South African newspaper The Mail & Guardian pulled down its website on Wednesday to protect readers against “sustained attacks” that attempted to infect them with malware.
Online editor Chris Roper told The New Age that the hackers had been conducting phishing attacks on the site and the worry was that someone would be duped. He said he hoped to have the site back online in the next 36 hours. The site remained inaccessible at time of writing.
“We are in crisis management to get the site up,” he was quoted as saying. “We've been combating them for a week or so but we got to the point now where we don't want to compromise our users.”
In a series of tweets, Editor Nic Dawes said the attacks came from Russia and caused his site to carry “scams, malware, etc.” He said his paper's “code warriors are making good progress cleaning out the bad guys, with help from the inevitable Red Bull and Pizza.”
Representatives of the paper have yet to say how the hackers got in.
The attack comes as malware pushers and other scammers have stepped up attacks on legitimate websites over the past few years. Once upon a time, they set up dedicated sites to infect unwitting end users, but as Google and other services have gotten better at identifying such threats, criminals have increasingly turned to popular websites with security weaknesses. ®
RE: End user
I also use a custom private mail server - which still gets zero spam.
But to help this I used another domain with custom addresses (generally the company name) for each and every company I give an email address. I use a generic one for friends and family as that would cause confusion, but very very few people do I ever give out my actual private email address to.
That way I can identify exactly where a spammer got my email address from, companies that pass on my email without consent for marketing purposes and of course and chop them all off instantly without affecting any other email.
Surprisingly, most companies are very good, but there have been a few that have obviously passed on my details to other companies for marketing purposes without my consent.
A sign of gross incompetence
So the newspaper takes the site down because they have nobody with the skills to secure their site?
Re: End user
You have hit the nail on the head in your closing para there.
Greylisting works, as you know, by exploiting the standard "busy now, try again later" function of mail. The botnet clients don't implement a full mail service and merely pump out their spam on a "fire and forget" basis. Once the scrotes have "real" mail servers at their disposal (either theirs or, more usually, someone else's) greylisting only slows spam delivery down and worse still *increases* spam traffic as a lot of it gets sent twice!
You'll probably find that your "HSBC" mail came from a pwned or bot generated webmail account and was different enough to previous variants that your antispam system didn't spot it.
I've said it before and I'll say it again. The webmail services *really* need to admit that they are always going to suffer from account pwnage and start running spam filters over Outbound messages to mitigate the problem. If they don't, then the corp boys are going to blacklist their arses (I've already had one "don't try to contact us using Hotmail as we won't be listening" missive from a business partner). It's in their own best interests too. For example, I'd like to see 'em work out how to sell Google Office for business use when everyone in business with their own mail servers has Gmail blacklisted as a source....