Website Security and You as a Webmaster

July 24, 2009 Posted by cpvr
Paid Advertisement

This is a guest post written by Carlos Andrade (aka cpvr), an internet entrepreneur and owner of VirtualPetList.com.

Hello everyone! My name is Carlos Andrade (known online as cpvr). I’ve trusted someone over the years to help me run our server (which I, as a webmaster, have run and maintained).

In June of 2009, the server administrator (the person I trusted) decided to bollix our operation. Not only did he wipe our backups, but he also broke into our email accounts, stole our domain names, and stole our hosting account. Our hosting account was maintained by ThePlanet.

After this incident, my community thought that we sold out (see VPL hacked?). As time went on, we were faced with a decision of returning or staying down. I wanted to stay down because my life was going in a wreck (got in a car accident and lost it all) and everything was piling up fast.

I didn’t want to come back because it hurt so much to lose years of hard work. Not only did this guy do it to us twice, but he thought it was funny. He claimed he was "beat down" as a little one. However, when you steal from others and you’re not good at what you do, you can slip. He eventually told us important information (such as his place of residence).

Not only did he take my community from me, he also broke into my computer the following weekend because I had some security settings open and my firewall turned off. I let him get in because I wasn’t aware of the features on my laptop since I wasn’t the one that bought it, my parents did.

So, I asked one of my fellow administrators (also, co-owner, EBK) of what I should do – and told him about what was going on. He told me to check for "remote access" via windows search. I found it and unchecked the box. I’ve also turned my firewall on, changed emails, beefed security on domain company, and also made harder passwords.

He also stole my "Google accounts," which means he was out to wipe me clean, but I fought back and supplied our users with what they were asking for (more information). If you’re a webmaster and you know what it’s like to lose years of hard work just for trusting someone, then you can relate to me.

121

But, of course stealing people’s information is grounds to contact the FBI, so I filed an internet complaint on IC3 and provided them with all the evidence that I had. I do not intend for cyber crime to remain an oft unpunished variety. This incident demonstrated to me on a personal level the damages which can be caused by just one man.

Although the web is still an emerging medium, crimes against digital properties deserve the same level of treatment as those against physical ones. Many of the perpetrators treat this domain as a new wild west in which they may do whatever they please without any comeuppance, but these actions deserve real life punishment. That is why I have brought in law enforcement, and hope that the perpetrator is rightfully prosecuted to the fullest extent of the law.

So, remember guys: only trust your friends because when we went down, I went to ask one of my fellow business partners (we worked on many projects before) for help and he also exposed the culprit to everyone.

Thank you for giving me the opportunity to speak my word, Tyler!

If you enjoyed this post, please consider leaving a comment below, subscribing to my RSS feed, or following me on Twitter.
Posted: July 24th, 2009 under Guest Posts  

33 Responses to “Website Security and You as a Webmaster”

  1. Security is one of the biggest concerns as if you were to lose the files of your website, life is over which would suck.

  2. Andrew says:

    You didn’t have any remote backups? That’s your fault. You improperly backed up your site. Any serious webmaster should have multiple redundant backups. My servers have been hacked / wiped before but bc I know what the word backup really means I was alwAys able to get them back up within 24 hours.

    A backup should be done on a regular basis after any significant updates or content additions. Then that backup needs to be stored locally, on the live host, and remotely at atleast one other geographic location far from your hosts location. That’s the only way to be sure your data is truly recoverable.

    While your admin was a dick your lack of forethought is what screwed you.

    • cpvr says:

      My fault? We had all backup systems implemented – he deleted them and went from there. We’re in the process of talking to our old hosting company and handling the situation. its not my fault, we weren’t available.

      You think our server wasn’t secured? We’ve been online for 5+yrs now.

      • Chino says:

        I agree with Andrew. You should follow the old X-files adage “Trust No One” when it comes to working with people you don’t really know. Seriously you didn’t even know were this guy lives and gave him the keys to your business? Even though you may have known him in the online realm for sometime, its not a real relationship and you can get burned quite easily.

        Also whats with your quitter attitude? You got in a car accident and that made you want to give up? It seems like your lack luster work ethic is really what cost you your business.

        • Michael says:

          So what about his quitter attitude Chino?

          It’s not about whether you’ve thought about quitting, it’s whether you actually DO QUIT. Anyone that’s done ANYTHING in life or business has had the thought at least once of “Is this worth it?” when the chips are down.

          What makes people different is whether they let life dictate what they’re going to do or whether they dictate to life and others whatever they want to do.

          Remember that courage isn’t about not feeling fear. Courage is feeling fear, looking at your fears eye-to-eye, and taking action in spite of it.

  3. Dean Saliba says:

    As I said on another blog, I take my security very seriously and would never allow anyone else to do that task for me.

  4. Greg Ellison says:

    I would also call the FBI and see what they could do for you. This person that did this must have been a kid and hopefully this person never gets hired as a IT person because he can’t be trusted. Greg Ellison

  5. I hope you will be able to rebuild your bussiness! Guy who did this deserve to be persecute by law. Very sorry to hear this! This is good example how trust is relevant in our bussiness!

  6. its great to see this post, but saying to “only trust your friends” may not always be the mantra of choice. Betrayal in the business world can come from within the tightest of your circles.

  7. Dave says:

    For those in affiliate marketing, security is something that is often overlooked. I had some of my sites hacked awhile back and it definitely opened my eyes. Have a backup plan in place, make strong passwords, have a copy of everything offline, and be smart.

    • cpvr says:

      Good point, Dave. What do you recommend to others about being smart? Strong passwords = key, but firewalls are also stronger. And also not storing anything on the PC is even safer. Deletion of business-emails = also key.

  8. you shouldn;t trust anyone in this day . this is what i’m doing and it keep me save from those bastard

  9. mm says:

    hi,
    How many members, post,threads you had before this mess.

  10. It’s a bit rough slating the guy now, what’s done is done and it’s good to see vpl is back online. Why not name and shame the culprit to make sure noone else deals with them online ever again!

  11. hospitalera says:

    Something similar happened to me some time ago. Anything I can do to help to get at least your rankings back, just ask! SY

  12. Yes online security is extremely important for anyone running an internet business. There are a lot of shady people out there who will try to mess with you just to brag about it. Always ensure you are have suitable security settings on all computers you use and on your servers. I would hate to go through the headaches of having someone destroy my entire online business. I too would pursue criminal charges against someone like that.

  13. used tires says:

    Wow that is really unfortunate luck man. That’s why you really can’t trust people 100%, and have some sort of contract written agreement, and also always be backing things up on a personal level from time to time.

    Till then,

    Jean

  14. Free website says:

    Sorry to hear this…

    Always keep remote copies of your data. Split it to various places to make sure that absolutely nothing is lost in case of theft, server crash or some other disaster.

  15. cpvr says:

    Here are the stats for those that asked[was in archive for 2008 review]:
    Threads: 10,972, Posts: 123,965, Members: 4,885

    Our stats now since we’ve been back[July 3, 2009]
    Threads: 1,400, Posts: 21,241, Members: 512

  16. shaunjudy says:

    WoW! Tyler are you still backed up on the paid advertisements? I have been looking forward to reading a post from you. Let me know when Ican expect a post from you. Thanks

  17. cpvr says:

    I’m not playing games here guys. I submitted a press release. http://www.free-press-release.com/news/200907/1248635062.html

    ^Tyler update the post if you want. People need to learn that I don’t play games.

  18. Uhm, I don’t get it. This person destroyed your business assets and you haven’t called the police?

    If you know his name and where he lives, you call the cops in the city and report a crime. No difference between wiping out $X in web server assets and breaking into a retail store and stealing $X in physical goods.

    I don’t think your best bet is to try to smear his name on Blogs. If he broke the law, call the cops.

    However, thanks for the post. You just reminded me to get my backups done. :)

  19. You can trust no one but yourself :)

    -Mike

  20. gurtey says:

    Yeah…i being a blogger…its very important to safeguard all the files and have a good security..!

  21. Andrew says:

    While the guy brings up a lot of good points about website security that we should all think about, his personal stance on the issue seems to be motivated by arrogant revenge.

    I have read a few threads on his site where his own community are starting to think he is a delusional, controlling asshat with no sense of reality.

    In one thread, he has an issue with a virtual pet site which charges users for extras and/or membership (I’m not sure which, but the point is, he has an issue that it charges members for something or other). His main problem is that the site then pays that money to designers/coders/developers to make the site better.

    He claims that paying these people is a waste of money and that it doesn’t add anything to the site. That the money paid by users should be put back into making the site better. So basically, he doesn’t realise that it is these designers/coders/developers which actually ARE making the site better for it’s users.

    Yes, that’s right. The guy that wrote this post has no idea how web design/development works and what matters to people who use the websites when they have been opened, so I have no idea how he thinks he can tell other people to run theirs.

    He thinks that the only thing that can make a site better are faster servers (because that’s all money SHOULD be spent on). He thinks that web designers should do it for free (which probably shows how much he’s willing to pay himself, especially judging by the look of his site), and anyone that can afford to pay them (via fees collected by a faithful user base who actually want to pay to make the site better) should be brought down a peg or two.

    And why did he start this whole diatrabe against that site paying staff anyway? Because someone on the staff declined to tell him exactly how much they earnt.

    Yes, as well as not realising how web businesses work (and obviously trying to get by as cheap as possible and hating on people spending a little to make things better), he has the cheek to ask a complete stranger how much they earn, for no reason other than to let his arrogant brain know how much they earnt.

    Probably much more than he. Hurts, doesn’t it, cpvr.

    Yes, Tyler, you have been extremely transparent with your earnings, but even you know that most people aren’t, and I doubt you’d ask a complete stranger how much they earnt and then do a whole smear campaign against them when they don’t tell you.

    But more than this lack of knowledge, almost every post comes across as arrogant, self-righteous and extremely contradictory.

    I’d suggest you read this thread on his own forum before you post any more guest posts written by him again.

    He is a vengeful little psycho, so right now, I’m taking this whole “He stole everything!” story with a pinch of salt. It’s probably revenge for someone else who simply didn’t help him out with his petty, arrogant requests.

    • Andrew says:

      Quick note – I’m a different Andrew to the one who commented before.

      Just so cpvr knows it’s not the same person on a smear mission as he seems to be intent to do to all who ‘slight’ him.

      No, there’s a lot more than one person here who can see you don’t actually know that much about web development :-)

      Sorry, cpvr, and I hope that one day you do start earning a lot of money and understand that to make even more, you have to actually pay staff.

      Maybe then you’d stop all these smear campaigns.

      What actually happened with the ‘hacker’? I mean really, now.

  22. tezeti says:

    WARNING: I strongly recommend that you do not go to this website. Look what he does to his members:

    http://www.virtualpetlist.com/blog/2009/07/lexi-whats-wrong/

  23. I have McAfee, but everytime I open internet explorer this internet security website opens the McAfee site advisor turns red, I tried changing the home page to yahoo, but it doesn’t work.

  24. Buy Generic says:

    I like the evil grin, that was classic. Thank you.

  25. icahetsizlik says:

    Betrayal in the business world can come from within the tightest of your circles. ;)

  26. As I said on another blog, I take my security very seriously and would never allow anyone else to do that task for me. ;)

PeerFly

Leave a Reply