新闻发布
管理系统000webhost空间被黑的信息,先是通过朋友在博客留言告诉我的,当时第一个反应就是不敢相信。接着有看到FreeBuf和v2ex关于000webhost空间被拖库的新闻,基本上可以确定000webhost空间被黑的事实了。现在000webhost官方在FB主页和官网中都已经证实此事。
作为空间商都有可能被黑客的盯上的可能,但是000webhost空间被黑事情让我感觉到震惊的原因就是:000webhost空间的1350万明文密码泄露,用户泄露的信息包括用户名、明文密码、邮箱地址、IP地址、用户真实的姓氏,意味着如果之前有在000webhost空间注册过账号的都可能被泄露了。
前一段时间网易邮箱被爆出“问题”,部落根本没有放在心上,因为我现在用的邮箱都是Gmail,以Google的能力在保护数据安全方面还是挺让人放心的。但是000webhost空间被爆出问题,就让我非常担心了,因为我的建站之旅就是从000webhost开始的。
博客写的第一篇文章就是关于000webhost内容的,因为当时建站时还是学生,没有多余的钱购买付费的空间,加上当时000webhost空间已经在免费空间“圈子”中做出了“名气”,于是就将部落搭建在000webhost空间上。注册账号都是用了自己的常用邮箱、用户名和密码等。
000webhost空间的1350万明文密码泄露,对于我们这些曾经用过它的空间的人来说是非常可怕的,有一个热心朋友在我的博客留言说觉得有必要提醒一下大家。确实如此,很多站长都是从免费空间中走过来的,如果你现在用的域名和空间的邮箱都是和000webhost空间一样的,那么强烈建议你赶紧修改!
保护域名和主机安全-从000webhost空间被黑谈使用免费空间的自我保护
一、000webhost空间被黑事件
1、000webhost空间是免费空间中的做得很有名气的一家,很多人都申请过000webhost,包括部落自己不止一次介绍过000webhost空间的申请和使用方法:成功申请000webhost免费php空间、000webhost老牌免费空间变化的观察。
2、000webhost空间目前已强制重置了所有用户的密码并且禁用了FTP(As all the passwords have been changed to random values),打开官网现在也能看到官方的提示:“We have witnessed a database breach on our main server”。
3、点击[Read More]可以看到官方对此次事件的说明。
4、以下是官方说明的英文原文。
What happened? (000webhost hacked)
A hacker used an exploit in an old PHP version, that we were using on 000webhost website, in order to gain access to our systems. Data that has been stolen includes usernames, passwords, email addresses, IP addresses and names.
Although the whole database has been compromised, we are mostly concerned about the 000webhost leaked client information.
What did we do about it?
We have been aware of this issue since 27th of October and our team started to troubleshoot and resolve this issue the same day, immediately after becoming aware of this issue.
In an effort to protect our users we have temporarily blocked access to systems affected by this security flaw. We will re-enable access to the affected systems after an investigation and once all security issues have been resolved. Affected systems include our website and our members area. Additionally we have temporarily blocked FTP access, as FTP passwords have been dumped as well.
We reseted all users passwords in our systems and increased the level of encryption to prevent such issues in the future.
We are still working around the clock to identify and eliminate all security flaws. We will get back to providing the free service soon. We are also updating and patching our systems.
What do you need to do?
As all the passwords have been changed to random values, you now need to reset them when the service goes live again.
DO NOT USE YOUR PREVIOUS PASSWORD.
PLEASE ALSO CHANGE YOUR PASSWORDS IF YOU USED THE SAME PASSWORD FOR OTHER SERVICES.
We also recommend that you use Two Factor Authentication (TFA) and a different password for every service whenever possible. We can recommend the Authy authenticator app and the LastPass password manager.
We are sorry
At 000webhost we are committed to protect user information and our systems. We are sorry and sincerely apologize we didn't manage to live up to that.
At 000webhost our top priority remains the same - to provide free quality web hosting for everyone. The 000webhost community is a big family, exploring and using the possibilities of the internet together.
Our leadership team will closely monitor this issue and will do everything possible to earn your trust every day.
Sincerely,
000webhost CEO,
Arnas Stuopelis
5、现在000webhost空间已经关闭了新用户注册,开放注册时间未知。