The story that the Exit Festival Facebook page had been hacked flooded the domestic media on Monday evening, and then again on Tuesday. Almost all of the reports omitted the information that this is definitely not an isolated case and that over the previous two weeks the same thing happened to hundreds, perhaps even thousands, of other institutions, organizations, companies and individuals from the region... Not only pages on facebook.com were attacked, but websites too. Srećko Sekeljić's blog is one of the few places where the other attacks were mentioned.
In all the cases we learned about, it was obviously the same hackers and the same sequence of events: first the text “I LOVE DO plsssssss SUGGEST TO FRIENDS THERE IS THE METHOd” appeared on the page with a link that we will not publish here, and immediately afterwards the administrators no longer had access to the page. In most places everything stopped there.
Since we are definitely not the only ones this happened to, but are among the few who managed to recover administrator access, over the past few days people who, like us, were victims of the hackers have been contacting us. Our experience is, obviously, that it is possible to get your page back, but it is quite laborious to find the right way, the good links, gather everything, react, wait... That is why we decided to share our experience this way: based on what happened to us we put together instructions, extracted the most important links, the text we sent to the administrators at facebook.com, and also some instructions that can prevent something like this from happening.
We decided to share this experience because we hope it will help others, but we also invite you to pass on your own experiences on your blogs, as a comment on this post, or on your profiles on facebook.com or twitter.com.
Finally, if we share this we will contribute at least a little to greater security, and also to our voices being heard more loudly in the murmur of the 600 million citizens of the state of Facebook, among whom there are those who may post a strange link on your page tonight.
Besides that, we informed the people coming to the Share conference in April about everything that is going on, so everything that has been happening in the last few weeks on regional Internet sites will inevitably be a case study in lectures and panels on Internet security, privacy on facebook.com, Internet activism, etc.
What we did:
- Definitely read what is written on blackboxsocialmedia.com; in a way, they have already done what we are doing now.
- Also look at other places on the Internet for information on how to protect yourself or how to recover your page. These are current topics anyway, and now especially, because pages on facebook.com were changed a month ago, and also because of the increasingly frequent attacks.
- We also put together short, most basic instructions for our administrators:
1. Look at the URL while you are logged in to Facebook; if you see http instead of https, it means you are not protected. Go to Account/Account settings/Account security, tick both boxes and click ‘save’.
2. The fewer administrators, the better
3. Passwords must contain uppercase letters, lowercase letters, numbers... (example kSFda$43lk), with at least 8 characters
4. Passwords must be changed once a month
5. When you post links, first check where they lead
6. Administrators must not post or use JavaScript code
7. Administrators must not install unverified applications
8. Use Mac OS X, Linux or Windows with an antivirus program
- We read and studied everything behind the link https://www.facebook.com/help
- When we were attacked we sent emails to the following addresses:
press@fb.com
privacy@facebook.com
support@facebook.com
- We filled in the forms at the following links:
http://www.facebook.com/help/contact.php?show_form=username_infringement
http://www.facebook.com/help/contact.php?show_form=pages_bug
http://www.facebook.com/help/contact.php?show_form=pages_not_restored
http://www.facebook.com/?ref=home#!/legal/copyright.php?copyright_notice=1
https://www.facebook.com/press/contact.php
It is almost certain that after all this you will get no reply, or only an automatic reply, but it is certainly worth trying.
If a few hundred people send reports to these emails and addresses, and if all the reports have similar content, there is at least a small chance that someone will notice.
- The text of the email we sent to the addresses listed above:
Email subject: URGENT HACKED BUSINESS FB ACCOUNTS - PLEASE RESPOND
Email text:
Dear FB administrator,
My name is .... and I am administrator of The EXIT Festivals FB Page.
Exit festival is an international music festival in Serbia and our page http://www.facebook.com/exit.festival has been hacked today around 12pm GMT.
As I am sure you can understand, this could potentially be very detrimental to our business as we have over 110,000 fans.
Somebody posted “I LOVE DO plsssssss SUGGEST TO FRIENDS THERE IS THE METHOd” followed by a link to his page ....
None of us 6 administrators could access the page from then on.
Other administrators are ....
I hope you’ll be able to react immediately and help us to take back control over our page as a matter of urgency.
Please, do not hesitate to contact me for any additional info you might need.
- We phoned and talked to the facebook.com robots :) +1 650 5434800
*********************************************************************************************************
On Monday night, and continuing into Tuesday, Serbian media were flooded with the story of the Exit Festival official Facebook page being hacked. Almost all of them failed to mention that this is not an isolated case, and that the same thing has happened to hundreds, maybe thousands of other institutions, organizations, companies and individuals from the region... Not only Facebook pages were hacked, but websites as well.
Since we are not the sole target of these attacks, but also one of the rare cases that managed to recover their admin access, in the last couple of days people who have also been targeted by these attacks have been contacting us. In our experience it is possible to recover the page, but finding the way is a difficult venture: it involves finding the right links, gathering all the information, reacting, waiting... This is why we decided to share our experience in the following way: we put together an instruction manual with the most important links, the text we sent to the site administrators, and other instructions that can help prevent something like this from happening.
The reason we decided to share this experience is that we hope it will be helpful to others, and we invite you to share your experience and opinion through your blogs, as comments on this post, or on your profiles on Facebook or Twitter.
Finally, by sharing this we will contribute to an increase in safety, and to our voices being heard more strongly within the murmur of the 600,000,000 citizens of the Facebook State, among whom there are those who might post this strange link on your page as soon as tonight.
Apart from this, we have informed the people attending the Share Conference in April in Belgrade about everything that has happened, so everything that has been happening on regional Internet pages in the last couple of weeks will make a substantial case study at lectures and panels on Internet safety, privacy on Facebook, Internet activism, etc.
What we did:
- Make sure you read what's written on blackboxsocialmedia.com; in a way, they have already done what we are doing now.
- If your page isn't hacked, make sure to watch the video at this link.
- Search other Internet sites for information on protection and page recovery. These are hot topics generally, and especially now, since the page format on Facebook has been changed and the attacks have become more frequent.
- We have also put together short, basic instructions for our admins:
1. While on Facebook, look at your URL. If you see http instead of https then you don't have a secure session and you can be hacked. Go to Account/Account settings/Account security, tick the boxes and Save. You'll also see which devices have been accessing your account.
2. As few admins as possible
3. Passwords must contain capital letters, lowercase letters, numbers and special characters (example kSFda$43lk), with at least eight non-blank characters
4. When you post links, check where they lead
5. Admins must change their Profile passwords every month
6. Before posting a link, first open it in a browser to see where it goes
7. Admins must not post or use JavaScript code
8. Admins must not install unverified applications on the Facebook Page
9. Use Mac OS X, Linux, or Windows with an antivirus program
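Two of the checklist items above can be turned into a small script an admin can run before posting: the password policy (capital and lowercase letters, digits, special characters, at least eight non-blank characters) and "check where a link leads". The code below is an added example written for this post, not the authors' or Facebook's own code. The `fetch(url) -> (status, location)` callback is an assumption standing in for a real HEAD request, and the `.example` hosts in the sample redirect chain are constructed placeholders, so the sample run works offline.

```python
"""Admin-hygiene checks for the checklist above: password policy and
"check where a link leads before posting it".  Added example for this
post, not the authors' or Facebook's own code.  Redirects are followed
through an injected fetch(url) -> (status, location) callback (an
assumption standing in for a real HEAD request), so the constructed
sample below runs offline.
"""
import re
from urllib.parse import urljoin, urlsplit

PASSWORD_MIN_LEN = 8
REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def check_password(password):
    """Return the list of policy rules the password breaks ([] means it passes)."""
    problems = []
    non_blank = [c for c in password if not c.isspace()]
    if len(non_blank) < PASSWORD_MIN_LEN:
        problems.append("fewer than %d non-blank characters" % PASSWORD_MIN_LEN)
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("no special character")
    return problems


def resolve_link(url, fetch, max_hops=10):
    """Follow redirects from `url` using `fetch` and return (chain, warnings).

    `chain` lists every URL visited, ending at the final destination.
    `warnings` flags what an admin should notice before posting: the link
    leaving its starting host, ending on plain http, or redirecting endlessly.
    """
    chain = [url]
    warnings = []
    start_host = urlsplit(url).hostname
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_STATUSES or not location:
            break
        # Location may be relative; resolve it against the URL that sent it.
        chain.append(urljoin(chain[-1], location))
    else:
        warnings.append("more than %d redirects, gave up" % max_hops)
    final = urlsplit(chain[-1])
    if final.scheme != "https":
        warnings.append("final destination is not https")
    if final.hostname != start_host:
        warnings.append("link leaves %s for %s" % (start_host, final.hostname))
    return chain, warnings


# Constructed sample redirect chain (placeholder .example hosts, not real sites):
# a shortener hops through a tracker and lands on a lookalike host over plain http.
SAMPLE_REDIRECTS = {
    "https://short.example/abc": (302, "http://tracker.example/go?u=1"),
    "http://tracker.example/go?u=1": (301, "/claim"),
    "http://tracker.example/claim": (307, "http://not-facebook.example/claim"),
}


def sample_fetch(url):
    """Stand-in for a HEAD request: answer from the constructed table, 200 otherwise."""
    return SAMPLE_REDIRECTS.get(url, (200, None))


if __name__ == "__main__":
    print(check_password("kSFda$43lk"))      # [] : passes the policy
    print(check_password("exitfestival"))    # lists the rules it breaks
    chain, warnings = resolve_link("https://short.example/abc", sample_fetch)
    for hop in chain:
        print(" ->", hop)
    for w in warnings:
        print("WARNING:", w)
```

In practice `fetch` would issue a HEAD request that does not follow redirects itself (for example `urllib.request` with a redirect handler disabled) and return the status code and the `Location` header; the point of injecting it is that the chain is shown hop by hop instead of the browser silently landing on the final page.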
- We read and examined everything behind the link https://www.facebook.com/help
- When we were attacked we sent emails to these addresses:
abuse@facebook.com
press@fb.com
privacy@facebook.com
support@facebook.com
- We filled in the forms in these links:
http://www.facebook.com/help/contact.php?show_form=username_infringement
http://www.facebook.com/help/contact.php?show_form=pages_bug
http://www.facebook.com/help/contact.php?show_form=pages_not_restored
http://www.facebook.com/?ref=home#!/legal/copyright.php?copyright_notice=1
https://www.facebook.com/press/contact.php
You will almost certainly not get a reply after all this, or you will get an automatic reply, but it's certainly worth a shot.
If a couple of hundred people send emails and reports to these addresses, and if they have similar content, there is a chance of this being noticed.
- The email we sent to the addresses above:
Subject: URGENT HACKED BUSINESS FB ACCOUNTS - PLEASE RESPOND
Text:
Dear FB administrator,
My name is .... and I am administrator of The EXIT Festivals FB Page.
Exit festival is an international music festival in Serbia and our page http://www.facebook.com/exit.festival has been hacked today around 12pm GMT.
As I am sure you can understand, this could potentially be very detrimental to our business as we have over 110,000 fans.
Somebody posted “I LOVE DO plsssssss SUGGEST TO FRIENDS THERE IS THE METHOd” followed by a link to his page ....
None of us 6 administrators could access the page from then on.
Other administrators are ....
I hope you’ll be able to react immediately and help us to take back control over our page as a matter of urgency.
Please, do not hesitate to contact me for any additional info you might need.
- We phoned and talked to the facebook.com robots :) +1 650 5434800