Photobucket Hacked – Latest Updates
MOST CURRENT - 20 June 08 14.15 GMT:
Things seem to have stabilised as the corrected dns settings filtered out across the web. There are still a small number of users accessing the instructions on what to do to get onto Photobucket, of which some would be due to local caches.
So I guess it's almost situation normal! Have a good weekend, and keep your images safe...
PREVIOUS UPDATE:
19 June 08, 22.15 GMT: There are still quite a few reports from all over the globe of Photobucket not working. Some users are reporting that they are still getting a holding page. The search volumes of people coming to this blog to try and resolve the problem have not diminished since yesterday.
It's interesting that I can actually tell from the logs to this website users of which ISP's still can't access Photobucket.
For example, the article about what to do if you still don't have access to Photobucket is frequented the most by users from two US ISPs:
Comcast (USA), and
Road Runner (USA)
I'm also getting visitors to this article from other places like:
Speedy Net (Peru)
AT&T/SBC (USA)
Centurytel (USA)
Wanadoo (Holland)
Planet (Holland)
Direct-adsl (Holland)
Bredbandsbolaget (Sweden)
SCRTC (USA)
Time Warner Telecom (USA)
Opticon (Hungary)
BCC Net (Delta, British Columbia, Canada)
Dodo (Australia)
== many others ==
But Comcast and Road Runner are miles ahead of everyone else in the numbers of users suffering from this problem. If you are their users - talk to them. Explain that they need to force a dns refresh.
Apparently the (alleged) Turkish hackers group used an account on the servers of Bulgarian Hosting company Zettahost, causing all affected Photobucket traffic to redirect to it. Zettahost took the hackers' page down, and put up an explanation instead. And, indeed, some users are still reporting that they are getting the Zettahost page, when trying to access Photobucket.
Two things have compounded the problem:
a. Photobucket has not been posting any updates on their site, so users don't know what's going on. Their latest corporate blog entry is from June 12 and is entitled: "We're the best photo sharing site, so vote for us!" The latest press release is from May 14th. As of now there is still no official information from Photobucket about the incident.
b. Although it was very thoughtful of Zettahost to put up an explanatory message on the website that users were redirected to (the website that users got instead of Photobucket), the message was obviously written by someone who is a non-native speaker of English. As a result of the awkward grammar, some users thought it couldn’t have been written by a real company, and that this was still a site controlled by hackers.
The message goes:
================================================
IMPORTANT! Photobucket.com problem read here:
Last night Photobucket.com DNS at register.com was hacked by malicious people that are trying to compromise our business!
We are in no way affiliated with such bad deeds and cooperate with photobucket in capturing these individuals.
They have pointed the domain photobucket.com to an account hosted on our systems!
We have blocked that and photobucked techs have restored the domain pointing to its original location!
ALL account information and pictures on photobucket.com are OK, please have patience!
Unfortunately the complete DNS replication usually takes 24-48 hours and during this time caches DNS records might still point to us!
The normal operation of Photobucket is restored and as soon as the replication is complete there should be no further such issues!
We would like to emphasize that we are in now way responsible for what happens with photobucket and all users bumping across our systems!
We are a legitimate web hosting company operating since 2003 and in no way tolerate such hacking attempts!
If you have any questions please do not hesitate to contact us at abuse@zettahost.com!
Thanks for your patience and understanding!
================================================
It looks like a waiting game now…
Bookmark this page or subscribe to the "That Danny!" blog to follow updates.
============================================
MORE PHOTOBUCKET INFORMATION:
For the background to this story - go here.
============================================
Photobucket hacked – and how not to handle your customers when you get hacked!
Above: Photobucket down - site as seen by some users yesterday.
Photobucket was hacked yesterday, using what seems like a dns hack*
*see "what is a DNS hack?" at the bottom of this post.
Because the Photobucket outage was dns based, it meant that some people could still access the site, whilst others either got a hackers message, or a completely different website.
Users on discussion boards started debating the hacking with headlines like: "Was Photobucket site hacked?", "Photobucket hacked!" and "!!!Photobucket.com Has Been Hacked!!!"... you get the picture. In other words, it was all over the Net, with screenshot evidence and some genuine concern from users about the ability of Photobucket to keep their content and payment details safe.
What concerns me most about this story isn't actually the hack itself. What I find worrying is that Photobucket didn't put their hands up and say: "yes, we were hacked, Photobucket was down" or "yes, we suffered a dns hack!" or even, "it appears that Photobucket suffered a dns hack, we are looking into it and will come back to you as soon as we know more".
Instead what Photobucket did was:
a. say nothing on their blog.
b. say nothing on their site.
c. When users started discussing this on Photobucket's own support forums, their admin came back with this:
"On Tuesday afternoon, some users that typed in the Photobucket.com URL were temporarily redirected to an incorrect page due to an error in our DNS hosting services. The error was fixed within an hour of its discovery, but due to the nature of the problem, some users will not have access to Photobucket for a few hours as the fix rolls out. It is important to note
that only a portion of Photobucket users encountered the problem and that no
Photobucket content, password information or other personal information was
affected by the redirect. "
"due to an error in our DNS hosting services."? An error, as in a technical error? One that happened to redirect users to a message from a Turkish hacker?
This is very old-school: 'let's not admit anything and hope for it to go away'. The problem is that on the Internet, you can't use these sort of tactics anymore. Users have become more savvy, and they expect the kind of openness that Jeff Jarvis demanded from Dell, during his "Dell Hell" experience.
The key message here is: if you put your hands up and say - this is what went wrong, and here's what we're doing to fix it, users will trust you. If you don't tell the truth and your customers suss you out, they will rightfully ask: 'what else are they hiding from us?' Would I know if my details ever got compromised? Why should I trust this company?
It's still early hours - Photobucket, you could still issue a statement and tell us what has actually happened. Why was Photbucket down? Leave it longer, and your users might not be as forgiving.
UPDATE: Some two days have passed since this started, and still nothing official on the company's website, nothing on its blog and nothing in the press area.
Still not able to access Photobucket? Click here for some help.
============================================
What is a DNS hack? A dns hack alters where your computer browser goes when you type in an Internet address. Every web address (like www.thatdanny.com) has a corresponding number like 66.118.156.62 which is its real address (like a telephone number). When you enter a URL, your browser goes to a directory (called dns-"domain name server"), which tells it what the number of the domain is, so that it can find and display it. Thus, if you can change an entry in the dns directory by hacking into it, you can cause users to go to a completely different website. This is what appears to have happened with Photobucket.
============================================
MORE PHOTOBUCKET INFORMATION:
For the latest updates - go here.
============================================