[Primaryit] VITTA web site downtime: How, Why and Apologies.

Donna Benjamin donna at vitta.org.au
Tue Sep 18 09:01:55 EST 2007 

(please forgive cross posts of this announcement)

Creative Contingencies manages much of the ICT infrastructure supporting
VITTA's operations, including the server that hosts VITTA's web
services. A little over a week ago, we discovered an illegal financial
phishing scam website on our primary server, which hosts a range of web
services, including those belonging to VITTA.

After attempts to neutralise and remove the unauthorised site failed, we
were left with no choice but to perform an emergency backup and shut the
system down, to ensure no private or confidential data would be
compromised.

Because this was a security incident, and not a hardware, or software
failure, it was inappropriate to restore from backups whilst we lacked
knowledge of the security attack vector, as the possibility existed for
the intruder to simply regain access, and damage the system in
retaliation for shutting down the phishing site. 

In our view the only course of action was to shut the server down
entirely, and build a new system from the ground up.

Due to earlier server trouble, we ordered a new server on the Friday
prior to this attack being discovered, and hoped it would be ready for
deployment on Tuesday, 11 Sep. However due to unforeseen difficulties
with the new hardware, it was not deployed until late Thursday evening.
We spent all day Friday rebuilding the operating system, and software
environment to restore services. Due to new security measures this also
took somewhat longer than expected.

Most of VITTA's web services were restored by Saturday morning. However,
due to having been assigned new IP addresses, some sites may not have
been accessible until the global DNS system updated. All services should
now be fully functional. 

We deeply regret this incident, and the considerable inconvenience it
has caused the ICT education community at a critical time in preparing
senior students for assessment. Please accept both our sincere apologies
and assurance that we were working hard to restore services as quickly
as possible, within a framework of increased security measures.

If you have any further difficulties accessing VITTA's websites, please
contact the VITTA office on 9495 6836 or email feedback at vitta.org.au
outlining any error messages you receive. 

Donna Benjamin - Executive Director
Peter Lieverdink - Technical Director
Creative Contingencies

-- 
Have you seen VITTA's newest resources?
PHP & MySQL - http://www.vitta.org.au/php
VCE IT Practice Exams - http://www.vitta.org.au/practiceexams

Victorian IT Teachers Association Inc
T: +61 3 9495 6836 | F: +61 3 9495 6834
E: donna at vitta.org.au | W: http://www.vitta.org.au
Suite 202, 134-136 Cambridge St, Collingwood  VIC  3066, Australia

More information about the primaryit mailing list